#1 |
Registered User
Join Date: Sep 2002
Location: Melbourne, AUSTRALIA
Posts: 56
|
linux/bsd security for porn admins (read this)
Hi, my name is Julian. I recently started "trying" to make money in the porn business by making galleries etc...
I'm not doing too well (maybe cause it's my first time and I don't know html too well) and, seeing myself as a unix expert (linux and freebsd), I was wondering: how many big site admins run linux boxes (their own colos) and don't have any clue how vulnerable they are, without security updates, patches etc.?
That's why I'm looking for a couple of jobs. I currently work for PsychzNET Internet Services as the shell administrator. I'm looking for a couple of jobs like just securing people's boxes etc.
If you are worried about your vulnerability risk (redhat comes installed with 90% of all binaries vulnerable): to check if your box is vulnerable, type find / -perm +4000 running as root (this will show you the amount of vulnerable binaries running at one interval).
Anyone wanting to help me out and give me a job, email me at [email protected]. Thanks guys. |
#2 |
Registered User
Join Date: May 2002
Location: Australia
Posts: 46
|
sounds interesting.. i sent ya an email
#3 |
Confirmed User
Join Date: May 2002
Location: Doesn't matter, I'm not buying you another pint!
Posts: 1,511
|
I agree that SUID security is something very important with shell accounts. It's a bit of a scare tactic to have members of this board running a SUID check across their whole mounts.
Guys, if you're not running shell accounts for anyone other than yourselves, and you're running the latest patched ssh, now aren't we???
find /your/web/root -perm 4000 -print
Now every cgi that pops up on the screen... have you gone line by line through the source yourself to know what it does, and have you checked bugtraq to see if anything you didn't write yourself has a known buffer overflow?
Skitzoe, I'm not saying a security audit is a bad idea. ANYONE running linux (and full installed FreeBSD when they only need web services) should run a security audit and have a full printed report on hand for ease of tracking a hacker.
...but if you're going to tell webmasters that /games/trek is a threat to a paysite ...well then you shouldn't be doing security audit sales. |
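The two find commands quoted in posts #1 and #3 do not ask the same question: `-perm 4000` matches only files whose mode is exactly 4000, and current GNU find rejects the old `+4000` form, so `-perm -4000` is the portable way to ask for "setuid bit set". The script below is an added example, not part of any post in this thread; its function names and the sample tree it builds are constructed for illustration, and it goes one step further by comparing against a saved baseline so a later run reports only setuid files that have newly appeared.

```shell
#!/bin/sh
# Added example. The tree and file names are constructed sample data.

# Files under ROOT ($1) with the setuid bit set, whatever the other
# permission bits are: "-perm -4000" means "all of these bits are set".
list_suid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sort
}

# Files whose mode is exactly 4000, which is what "-perm 4000" asks for.
# An ordinary setuid program (mode 4755) does not match.
list_exact_4000() {
    find "$1" -xdev -type f -perm 4000 -print 2>/dev/null | sort
}

# Setuid files under ROOT ($1) that are absent from a baseline list ($2)
# saved from an earlier list_suid run.
new_suid() {
    list_suid "$1" | comm -13 "$2" -
}

# Build a small constructed web root and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/cgi-bin"
    : > "$d/index.html";         chmod 0644 "$d/index.html"
    : > "$d/cgi-bin/search.cgi"; chmod 0755 "$d/cgi-bin/search.cgi"
    : > "$d/cgi-bin/upload.cgi"; chmod 4755 "$d/cgi-bin/upload.cgi"
    : > "$d/cgi-bin/odd";        chmod 4000 "$d/cgi-bin/odd"
    printf '%s\n' "$d"
}

# Demo: the two listings differ on the same tree.
tree=$(make_sample_tree)
echo "setuid bit set (-perm -4000):"; list_suid "$tree"
echo "mode exactly 4000 (-perm 4000):"; list_exact_4000 "$tree"
rm -rf "$tree"
```

On a real host, point list_suid at the web root, review the result, and keep it as the baseline file for new_suid.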
#4 |
Registered User
Join Date: Sep 2002
Location: Melbourne, AUSTRALIA
Posts: 56
|
some_idiot:
First of all:
1) You may know a little bit about security but: when ANYONE purchases their DEDICATED SERVER from a colocation place/hosting place they usually and most probably get a full install of redhat (the lamers version of linux) which comes PREINSTALLED with about 50 vulnerable programs running at boottime throughout whole uptime that aren't needed. EVEN if you get rid of these programs your box is still vulnerable (SSH = VULN) (APACHE = VULN) and many more programs.
I've been working with unix (mostly freebsd and redhat) for about 5 years now. And I can assure you that 50% of all big porn sites (successful ones) are at a big security risk. Even if they apply patches. Security admin = constant monitoring.
Believe you me that a lot of the well going sites are under malicious abuse/hack risk. They might not know it, but when someone with a mass scanner goes through their B class, that will be the end. Also, how many porn dedicated servers are ALREADY HACKED and no sign of knowledge is present by the lawful admin?
All I'm asking for is a job so I can go for a trip at the end of the year. I want to help people out.
Regards, Julian. |
#5 |
Confirmed User
Join Date: May 2002
Location: Doesn't matter, I'm not buying you another pint!
Posts: 1,511
|
Hey, reread...
I said that Linux was a security risk period. Base installs of RH are asking to be a DOS launch pad, no argument. If you've got a colo that has a B and no tripwires, you're fuckered anyways ...get off that colo. Fuck, my net you can't plug a device in without my pager going off.
I'm going to doubt your "successful" sites are at risk. They have staff. I'd say that 90% of your sub $5k webmasters are your potential customers. How many are hacked? Beats me, ... how many run IIS?
Fact remains... you used a scare tactic instead of a true helpful hint. 99.9% of the programs listed by your find are NEVER touched or are not vulnerable to a system that has only 2 or 3 shells and the ports locked up as any web colo should be.
I said a full printed report audit WAS A GOOD THING. It should be done by ANYONE that values no disruptions in their monthly checks. |
#6 |
Confirmed User
Join Date: Jan 2002
Location: In the walls of your house.
Posts: 3,985
|
Sure, every open port is a potential security hole and anyone running services they don't need and understand is asking to be cracked. However, some_idiot is right, if you're going to pass yourself off as a "security expert", misleading fear mongering isn't the way to win credibility.
You might have better luck if you demonstrated some actual in-depth knowledge. For example, explain why apache is vulnerable and offer solutions to some of the common problems. You may not get any job offers right away, but if you can come off as GFY's resident security expert there's a good chance you'll make a few bucks. I'm not trying to flame you, but from the posts you've made so far I can't tell if you really know your stuff, or if you've just finished reading something like Trinity OS.
__________________
"Every normal man must be tempted, at times, to spit on his hands, hoist the black flag, and begin slitting throats." --H.L. Mencken |
#7 |
Confirmed User
Join Date: Apr 2002
Location: /root/
Posts: 4,997
|
You're working as a "shell administrator", huh?
Does this mean you configure bash, sh, tcsh and such?
"I've been working with unix (mostly freebsd and redhat)": does that make redhat a unix?
Most of the suid programs are a danger only if the hax0r has shell access to your computer. |
#8 |
Confirmed User
Join Date: Aug 2002
Posts: 1,504
|
A better suggestion would be to disable RPC (if possible) and remove unnecessary services from /etc/services rather than check for SUID vulnerabilities.
Just my .02 |
#9 |
Confirmed User
Join Date: May 2001
Location: ICQ: 25285313
Posts: 993
|
Haha.
I would highly consider spending money with this guy. It's pretty obvious as to why. -Phil |
#10 |
Registered User
Join Date: Sep 2002
Location: Melbourne, AUSTRALIA
Posts: 56
|
retards,
ever heard of remote root kits ? |
#11 | |
Registered User
Join Date: Sep 2002
Location: Melbourne, AUSTRALIA
Posts: 56
|
Quote:
I'd show you where you are all wrong. ;) |
#12 |
Registered User
Join Date: Sep 2002
Location: Melbourne, AUSTRALIA
Posts: 56
|
Point is, no one here knows anything about remote vulnerabilities.
For example: vidsvidsvids.com is vulnerable. (REMOTELY) You don't need to have local access (SHELL) to "acquire" root on a box.
All I want is a job. I'm not asking for a million dollars, and someone out there that wants help and to be secure, give me a buzz at [email protected] so I can go on a holiday at the end of the year after studying my ass off all year :/ |
#13 | |
Confirmed User
Join Date: Apr 2002
Location: /root/
Posts: 4,997
|
Quote:
and that's the first mistake you've made: you considered that you'll find here some stupid newbies that you can fool with your "shell administrator" skills |
#14 |
Registered User
Join Date: Sep 2002
Location: Melbourne, AUSTRALIA
Posts: 56
|
yep a shell administrator knows * about securing local/remote
you just got rolled madam |
#15 |
Confirmed User
Join Date: Apr 2002
Location: /root/
Posts: 4,997
|
I really ain't going to continue with this shit thread
just to let u know "shell administrator", "rootkits", smells like undernet kids stuff to me. good luck anyways, have fun with the trip |
#16 |
Registered User
Join Date: Sep 2002
Location: Melbourne, AUSTRALIA
Posts: 56
|
no one asked you to open your mouth in this thread.
#17 | |
<&(©¿©)&>
Industry Role:
Join Date: Jul 2002
Location: Chicago
Posts: 47,882
|
Quote:
#18 | |
Confirmed User
Join Date: Aug 2002
Posts: 1,504
|
Quote:
You're the fucking retard. |
#19 |
Registered User
Join Date: Jul 2002
Location: Melbourne, Australia
Posts: 69
|
all he has wanted to do was go on a trip
sponsor him for a dollar a day |
#20 |
Confirmed User
Join Date: May 2002
Location: Doesn't matter, I'm not buying you another pint!
Posts: 1,511
|
Alrighty, let's put this puppy to bed.
Skitzoe, you have permission to retrieve the file /root/message.skitzoe from www.iamlazy.com and post it here. It's a standard issue box running base package installs and is a live webserver. |
#21 |
Registered User
Join Date: Jul 2002
Location: Melbourne, Australia
Posts: 69
|
pudlyor
4 stephanie |
#22 |
Registered User
Join Date: Jul 2002
Location: Melbourne, Australia
Posts: 69
|
fucken unix gods coming through
#23 |
Registered User
Join Date: Jul 2002
Location: Melbourne, Australia
Posts: 69
|
lenny youse coming for a paint later tonight?
#24 |
Registered User
Join Date: Jul 2002
Location: Melbourne, Australia
Posts: 69
|
fucken if you are make sure to meet up armadale bridge
#25 |
Registered User
Join Date: Jul 2002
Location: Melbourne, Australia
Posts: 69
|
gary sucks major cock
#26 |
Registered User
Join Date: Jul 2002
Location: Melbourne, Australia
Posts: 69
|
skitzoe = haxor
dont trust him ehehhehehehhe |
#27 |
Macdaddy coder
Industry Role:
Join Date: Feb 2002
Location: MacDaddy pimp coder
Posts: 2,806
|
We all host on Windows and zx spectrum, all of my sites are running on a VIC20 cartridge
__________________
MacDaddy Coder. |
#28 |
Confirmed User
Join Date: Aug 2002
Location: on the internet
Posts: 3,783
|
I know...let's settle this with dueling arms at dawn!
Listen up boys...fighting computer "insecurity" is like pissing in the wind. Sure, you may have this thing or that thing that proves a site to be unsecure....but fuck...when I look at my house, I can point out 30 or 40 unsecure places that an intruder could break in. Everything is vulnerable to a bit of breaking in once in a while. Just ask your mothers. Those ol' ladies were beggin for me to split their labias since the day I met them at the homeless shelter. Sheeit. You dig?