Survey, Any help appreciated Options

[Magik5]

but isnt that obvious anyway... no webhosting companies in their right minds will give customers root access to logs/apache conf files etc ... or am i wrong?

youd have to go dedicated or whatever for full rw permissions, unless your that 1337 that chmod doesnt apply to you

[MonkeyFiend]

nope, quite correct.

[fido77]

to be fair it's not that simple......

If this was some spotty linux wannabe that flattened their dell pc and stuck on red hat and apache just to be l33t, then yes... there's probably a lot one could do.

If on the other hand we're talking about a shared linux/apache webhosting service.. same as many you'd rent from around the place. The markdorley user is not a superuser and has no root access. In fact he has no actual real permissions within the server structure. For reference kernel 2.6.24.2dn.am with apache 1.3.41

Assuming I created a site called markdorleycantdowebsites.com and was assigned by the powers ((or scripts) that be a user account called fidoisnotasgayasmonkey with permissions to write files within the public html or www direcotories

The fidoisnotasgayasmonkey user is a restricted.

Commonly (unfortunately.. chroot jail ftw!) the owner of the access-logs is root (0) - even if the fidoisnotasgayasmonkey user ftp'd to their shiny new hosting and went to their access-logs folder they would find a bunch of files with 640 or similar permissions owned by root, (-rw-r------ if you prefer), the group can read em, but only the owner can write to them and I mentioned before the owner is root .

Fidoisnotasgayasmonkey would not be able to tamper with these files and would logout safe in the knowledge that his access logs are secure and could return to pwning at L4D

assuming this is true, which i'm sure it is. you still touch youself at night

[MonkeyFiend]

it's a dirty job, but someones got to do it

and user is fidoisgay is a secret superuser account that comes with all versions of unix.. it's just a well kept secret

[=R6= Raile]

IT'S MONKEYFIEND
FIEND!
with an FIE!
There's no R in there!
MONKEYFIEND!

I lol'd pretty hard at that..
Wouldn't be so bad if not for monkey getting so upset about it

[Lawpf2001]

I am quite happy to say I have noclue what your all on about

[Magik6]

Agreed

[MonkeyFiend]

I find myself wondering whats wrong with you, Mr. Dorley?

Learning about security is a good thing; but trying to do so by attempting to gain root admin on this site is frankly retarded.

Running linux (especially feisty fawn) does not make one l33t. All the form entries were santised here so there won't be any code injections or whatever the hell you thought you were doing.

Now...

1. Your computers root password is currently set to: markdorkley1, feel free to change this.

2. Once online, don't return here or mail me.. Attempting to hack this website does not make us bestest buddies

3. Get a haircut - stupid fringe; you look like a chav.

k. thx. bye.