linux/bsd security for porn admins (read this)
Hi, my name is Julian. I recently started "trying" to make money in the porn business by making galleries etc...
I'm not doing too well (maybe cause my first time and I don't know html too well) and I was just wondering, seeing myself as a unix expert (linux and freebsd): how many big site admins run linux boxes (their own colos) and don't have any clue how vulnerable they are, without security updates, patches etc.?
That's why I'm looking for a couple of jobs. I currently work for PsychzNET Internet Services as the shell administrator. I'm looking for a couple of jobs like just securing people's boxes etc.
If you are worried about your vulnerability risk (redhat comes installed with 90% of all binaries vulnerable): to check if your box is vulnerable type find / -perm +4000 running as root (this will show you the amount of vulnerable binaries running at one interval).
Anyone wanting to help me out and give me a job, email me at [email protected] - Thanks guys. |
sounds interesting.. i sent ya an email
|
I agree that SUID security is something very important
with shell accounts. It's a bit of a scare tactic to have members of this board running a SUID check across their whole mounts. Guys, if you're not running shell accounts for anyone other than yourselves, and you're running the latest patched ssh, now aren't we???
find /your/web/root -perm 4000 -print
Now every cgi that pops up on the screen... have you gone line by line through the source yourself to know what it does and have you checked bugtraq to see if anything you didn't write yourself has a known buffer overflow?
Skitzoe, I'm not saying a security audit is a bad idea. ANYONE running linux (and full installed FreeBSD when they only need web services) should run a security audit and have a full printed report on hand for ease of tracking a hacker.
...but if you're going to tell webmasters that /games/trek is a threat to a paysite ...well then you shouldn't be doing security audit sales. :2 cents: |
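The two `find` invocations quoted so far do not select the same files, so here is an added example (not part of the original thread) that shows the difference and turns the one-off listing into a baseline comparison. The function names and the constructed scratch directory are assumptions made for the illustration; `-perm -4000` is the "at least these bits" form accepted by both GNU and BSD find.

```shell
#!/bin/sh
# Added example: setuid audit with a baseline (not code from the thread).

# list_suid DIR: regular files under DIR with the setuid bit set.
# "-perm -4000" means "at least these bits", so 4755, 4711, 4000 all match.
list_suid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sort
}

# list_exact DIR: what a bare "-perm 4000" selects, i.e. only files whose
# mode is exactly 4000. A normal 4755 setuid binary is NOT reported.
list_exact() {
    find "$1" -xdev -type f -perm 4000 -print 2>/dev/null | sort
}

# new_suid DIR BASELINE: setuid files present now but absent from the
# sorted BASELINE file written earlier by list_suid.
new_suid() {
    list_suid "$1" | comm -23 - "$2"
}

# Constructed demo tree: three files, then one setuid file added later.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/helper" "$d/odd" "$d/plain"
    chmod 4755 "$d/helper"   # typical setuid binary mode
    chmod 4000 "$d/odd"      # the only mode "-perm 4000" finds
    chmod 0755 "$d/plain"    # not setuid
    list_suid "$d" > "$d.baseline"
    touch "$d/new.cgi" && chmod 4755 "$d/new.cgi"
    echo "-perm 4000  (exact):";    list_exact "$d"
    echo "-perm -4000 (bit set):";  list_suid "$d"
    echo "new since baseline:";     new_suid "$d" "$d.baseline"
    rm -rf "$d" "$d.baseline"
}

demo
```

A listing like this only says which files carry the setuid bit; whether any of them is exploitable is a separate question of version and patch level, which is the point argued in the replies.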
some_idiot:
First of all: 1) You may know a little bit about security but: when ANYONE purchases their DEDICATED SERVER from a colocation place/hosting place they usually and most probably get a full install of redhat (the lamers version of linux) which comes PREINSTALLED with about 50 vulnerable programs running at boot time throughout the whole uptime that aren't needed. EVEN if you get rid of these programs your box is still vulnerable (SSH = VULN) (APACHE = VULN) and many more programs.
I've been working with unix (mostly freebsd and redhat) for about 5 years now. And I can assure you that 50% of all big porn sites (successful ones) are at a big security risk. Even if they apply patches. Security admin = constant monitoring.
Believe you me that a lot of the well going sites are under malicious abuse/hack risk. They might not know it, but when someone with a mass scanner goes through their B class, that will be the end. Also how many porn dedicated servers are ALREADY HACKED and no sign of knowledge is present by the lawful admin.
All I'm asking for is a job so I can go for a trip at the end of the year. I want to help people out. Regards Julian. |
Hey, reread...
I said that Linux was a security risk period. Base installs of RH are asking to be a DOS launch pad, no argument. If you've got a colo that has a B and no tripwires, you're fuckered anyways ...get off that colo. Fuck, my net you can't plug a device in without my pager going off.
I'm going to doubt your "successful" sites are at risk. They have staff. I'd say that 90% of your sub $5k webmasters are your potential customers. How many are hacked? Beats me, ... how many run IIS?
Fact remains... you used a scare tactic instead of a true helpful hint. 99.9% of the programs listed by your find are NEVER touched or are not vulnerable to a system that has only 2 or 3 shells and the ports locked up as any web colo should be.
I said a full printed report audit WAS A GOOD THING. It should be done by ANYONE that values no disruptions in their monthly checks. |
Sure, every open port is a potential security hole and anyone running services they don't need and understand is asking to be cracked. However, some_idiot is right, if you're going to pass yourself off as a "security expert", misleading fear mongering isn't the way to win credibility.
You might have better luck if you demonstrated some actual in-depth knowledge. For example, explain why apache is vulnerable and offer solutions to some of the common problems. You may not get any job offers right away, but if you can come off as GFY's resident security expert there's a good chance you'll make a few bucks. I'm not trying to flame you, but from the posts you've made so far I can't tell if you really know your stuff, or if you've just finished reading something like Trinity OS. |
You're working as a "shell administrator", huh ?
does this mean you configure bash, sh, tcsh and such ? :)) "I've been working with unix (mostly freebsd and redhat)" does that make redhat a unix ? Most of the suid programs are a danger only if the hax0r has shell access to your computer. |
A better suggestion would be to disable RPC (if possible) and remove unnecessary services from /etc/services rather than check for SUID vulnerabilities.
Just my .02 |
Haha.
I would highly consider spending money with this guy. It's pretty obvious as to why. -Phil |
retards,
ever heard of remote root kits ? |
Quote:
id show you where you are all wrong. ;) |
Point is, no one here knows anything about remote vulnerabilities.
For example: vidsvidsvids.com is vulnerable. (REMOTELY) You don't need to have local access (SHELL) to "acquire" root on a box. All I want is a job, I'm not asking for a million dollars, and someone out there that wants help and to be secure give me a buzz at [email protected] so I can go on a holiday at the end of the year after studying my ass off all year :/ |
Quote:
and that's the first mistake you've made: you considered that you'll find here some stupid newbies that you can fool with your "shell administrator" skills |
yep a shell administrator knows * about securing local/remote
you just got rolled madam :) |
I really ain't going to continue with this shit thread
just to let u know, "shell administrator", "rootkits", smells like undernet kids stuff to me. good luck anyways, have fun with the trip |
no one asked you to open your mouth in this thread.
|
Quote:
|
Quote:
You're the fucking retard. |
all he has wanted to do was go on a trip
sponsor him for a dollar a day :helpme |
Alrighty, let's put this puppy to bed.
Skitzoe, you have permission to retrieve the file /root/message.skitzoe from www.iamlazy.com and post it here. It's a standard issue box running base package installs and is a live webserver. |
pudlyor
4 stephanie |
fucken unix gods coming through
|
lenny youse coming for a paint later tonight?
|
fucken if you are make sure to meet up armadale bridge
|
gary sucks major cock
|
skitzoe = haxor
dont trust him ehehhehehehhe |
We all host on Windows and zx spectrum, all of my sites are running on a VIC20 cartridge
|
I know...let's settle this with dueling arms at dawn!
Listen up boys...fighting computer "insecurity" is like pissing in the wind. Sure, you may have this thing or that thing that proves a site to be unsecure....but fuck...when I look at my house, I can point out 30 or 40 unsecure places that an intruder could break in. Everything is vulnerable to a bit of breaking in once in a while. Just ask your mothers. Those ol' ladies were beggin for me to split their labias since the day I met them at the homeless shelter. Sheeit. You dig? |