Reply to post: "The attackers appear to be using compromised websites"

Worldwide bank attack blitz linked to Sony Pictures hacking crew

Crazy Operations Guy

"The attackers appear to be using compromised websites"

There should be some kind of certification process required before a website is allowed on the internet. Even basic questionnaire would suffice, something along the lines of:

-Does the website run as root?

-Are any of the website's resources marked as 777 (Or anything else idiotically loose like that)?

-Are users allowed to upload files with +x permissions?

-Is the admin page accessible by everyone?

Any of those should be grounds for the website being denied from serving pages to the world. It bothers me how many websites out there are set up where the process serving pages is also granted permissions to modify the files it is serving or even files outside of the website's directories. Or in some cases, CGIs that run as root and have both write and execute turned on.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2021