|
Home > Archive > alt.certification.i-net-plus > October 2002 > It might be wise to dump Unix and go to MS2000.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
It might be wise to dump Unix and go to MS2000.
|
|
| Glenn D. Crosse 2002-10-12, 7:24 pm |
| It might be wise to dump Unix and go to MS2000.
First reason is reliability.
Second is security.
Third reason is it might be configurable.
Glenn
"Mercury" <evo_spook@hotmail.com> wrote in message
news:uqhbsos0k3vic1@corp.supernews.com...
> Firstly, sorry, I would have posted this on a more relevant site except
I'd
> like an answer now rather then next week.
>
> I'm working on a website, Unix, Apache server, got full permissions on the
> server, except in my HTML folder theres one folder within which is nestled
> some other folders and a few .txt files, the result of a php script
install
> which I tried to delete but it left this almost empty folder instead of
> deleting all of it.
>
> Everytime I try to delete it or chmod the files underneath it comes up
with
> 550 permissions denied WS_FTP, also tried deleting it using DOS and
> Dreamweaver), and the directory isn't protected at admin level, its
strange.
>
> Any thoughts anyone?
>
> Cheers
>
>
| |
| Mercury 2002-10-12, 7:24 pm |
| Maybe, but its not my webserver and the webspace and name have been provided
free of charge so I can't really complain ;-)
"Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
news:##lxYpkcCHA.2456@tkmsftngp08...
> It might be wise to dump Unix and go to MS2000.
> First reason is reliability.
> Second is security.
> Third reason is it might be configurable.
> Glenn
> "Mercury" <evo_spook@hotmail.com> wrote in message
> news:uqhbsos0k3vic1@corp.supernews.com...
> > Firstly, sorry, I would have posted this on a more relevant site except
> I'd
> > like an answer now rather then next week.
> >
> > I'm working on a website, Unix, Apache server, got full permissions on
the
> > server, except in my HTML folder theres one folder within which is
nestled
> > some other folders and a few .txt files, the result of a php script
> install
> > which I tried to delete but it left this almost empty folder instead of
> > deleting all of it.
> >
> > Everytime I try to delete it or chmod the files underneath it comes up
> with
> > 550 permissions denied WS_FTP, also tried deleting it using DOS and
> > Dreamweaver), and the directory isn't protected at admin level, its
> strange.
> >
> > Any thoughts anyone?
> >
> > Cheers
> >
> >
>
>
| |
| chazbrew 2002-10-12, 8:24 pm |
| Have you tried to chown the file to your user?
Do you have the root password to SU to and then chmod the directory?
What flavor of UNIX is it?
Chaz
"Mercury" <evo_spook@hotmail.com> wrote in message
news:uqhf5214dcja3b@corp.supernews.com...
> Maybe, but its not my webserver and the webspace and name have been
provided
> free of charge so I can't really complain ;-)
>
>
>
> "Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
> news:##lxYpkcCHA.2456@tkmsftngp08...
> > It might be wise to dump Unix and go to MS2000.
> > First reason is reliability.
> > Second is security.
> > Third reason is it might be configurable.
> > Glenn
> > "Mercury" <evo_spook@hotmail.com> wrote in message
> > news:uqhbsos0k3vic1@corp.supernews.com...
> > > Firstly, sorry, I would have posted this on a more relevant site
except
> > I'd
> > > like an answer now rather then next week.
> > >
> > > I'm working on a website, Unix, Apache server, got full permissions on
> the
> > > server, except in my HTML folder theres one folder within which is
> nestled
> > > some other folders and a few .txt files, the result of a php script
> > install
> > > which I tried to delete but it left this almost empty folder instead
of[co
lor=darkred]
> > > deleting all of it.
> > >
> > > Everytime I try to delete it or chmod the files underneath it comes up
> > with
> > > 550 permissions denied WS_FTP, also tried deleting it using DOS and
> > > Dreamweaver), and the directory isn't protected at admin level, its
> > strange.
> > >
> > > Any thoughts anyone?
> > >
> > > Cheers
> > >
> > >
> >
> >
>
>[/color]
| |
| limeaid 2002-10-12, 8:24 pm |
| Glenn I hope you were kidding.
Reliability issues with Apache/UNIX?
Security Issues?
Apache runs over 65% of the websites you visit.
Microsoft 25%
http://www.netcraft.com/survey/
Security?
Do you not read SANS? How about any trade magazine?
Microsoft Warns of 10 IIS Flaws
http://www.eweek.com/article2/0,3959,36938,00.asp
Microsoft IIS most vulnerable
http://www.zdnet.com.au/newstech/se...85,20261745,00.
htm
56% of all sites hacked were IIS
http://www.attrition.org/mirror/att...graphs.html#PIE
It's one thing to give out your opinion but another to give opinion based
on false statements.
"Mercury" <evo_spook@hotmail.com> wrote in
news:uqhf5214dcja3b@corp.supernews.com:
> Maybe, but its not my webserver and the webspace and name have been
> provided free of charge so I can't really complain ;-)
>
>
>
> "Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
> news:##lxYpkcCHA.2456@tkmsftngp08...
>> It might be wise to dump Unix and go to MS2000.
>> First reason is reliability.
>> Second is security.
>> Third reason is it might be configurable.
>> Glenn
>> "Mercury" <evo_spook@hotmail.com> wrote in message
>> news:uqhbsos0k3vic1@corp.supernews.com...
>> > Firstly, sorry, I would have posted this on a more relevant site
>> > except
>> I'd
>> > like an answer now rather then next week.
>> >
>> > I'm working on a website, Unix, Apache server, got full permissions
>> > on
> the
>> > server, except in my HTML folder theres one folder within which is
> nestled
>> > some other folders and a few .txt files, the result of a php script
>> install
>> > which I tried to delete but it left this almost empty folder
>> > instead of deleting all of it.
>> >
>> > Everytime I try to delete it or chmod the files underneath it comes
>> > up
>> with
>> > 550 permissions denied WS_FTP, also tried deleting it using DOS and
>> > Dreamweaver), and the directory isn't protected at admin level, its
>> strange.
>> >
>> > Any thoughts anyone?
>> >
>> > Cheers
>> >
>> >
>>
>>
>
>
| |
| Glenn D. Crosse 2002-10-12, 8:24 pm |
| I appreciate your opinion but I would like some substantiation other than a
pointer to SANS which points out flaws in both.
I think 2000 is secure and would love to see some objective analysis to
prove me wrong.
I also believe that Win2000 is very reliable.
Your opinions are valuable to all.
Thanks,
Glenn
"limeaid" <limeaid@nospam.rocketmail.com> wrote in message
news:Xns92A5C920BC63Elimeaidno
spamrocketm@216.148.227.77...
> Glenn I hope you were kidding.
> Reliability issues with Apache/UNIX?
> Security Issues?
>
> Apache runs over 65% of the websites you visit.
> Microsoft 25%
> http://www.netcraft.com/survey/
>
> Security?
> Do you not read SANS? How about any trade magazine?
>
> Microsoft Warns of 10 IIS Flaws
> http://www.eweek.com/article2/0,3959,36938,00.asp
>
> Microsoft IIS most vulnerable
> http://www.zdnet.com.au/newstech/se...85,20261745,00.
> htm
>
> 56% of all sites hacked were IIS
> http://www.attrition.org/mirror/att...graphs.html#PIE
>
> It's one thing to give out your opinion but another to give opinion based
> on false statements.
>
> "Mercury" <evo_spook@hotmail.com> wrote in
> news:uqhf5214dcja3b@corp.supernews.com:
>
> > Maybe, but its not my webserver and the webspace and name have been
> > provided free of charge so I can't really complain ;-)
> >
> >
> >
> > "Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
> > news:##lxYpkcCHA.2456@tkmsftngp08...
> >> It might be wise to dump Unix and go to MS2000.
> >> First reason is reliability.
> >> Second is security.
> >> Third reason is it might be configurable.
> >> Glenn
> >> "Mercury" <evo_spook@hotmail.com> wrote in message
> >> news:uqhbsos0k3vic1@corp.supernews.com...
> >> > Firstly, sorry, I would have posted this on a more relevant site
> >> > except
> >> I'd
> >> > like an answer now rather then next week.
> >> >
> >> > I'm working on a website, Unix, Apache server, got full permissions
> >> > on
> > the
> >> > server, except in my HTML folder theres one folder within which is
> > nestled
> >> > some other folders and a few .txt files, the result of a php script
> >> install
> >> > which I tried to delete but it left this almost empty folder
> >> > instead of deleting all of it.
> >> >
> >> > Everytime I try to delete it or chmod the files underneath it comes
> >> > up
> >> with
> >> > 550 permissions denied WS_FTP, also tried deleting it using DOS and
> >> > Dreamweaver), and the directory isn't protected at admin level, its
> >> strange.
> >> >
> >> > Any thoughts anyone?
> >> >
> >> > Cheers
> >> >
> >> >
> >>
> >>
> >
> >
>
| |
| Glenn D. Crosse 2002-10-12, 8:24 pm |
| While I agree on the percentage of web sites, the other links you posted are
out of date.
One of the links gave the following message:
We were unable to find the page you requested.
If you arrived here by typing a URL, please make sure the spelling,
capitalization, and punctuation are correct, then reload the page by hitting
the Enter or Return key on your keyboard.
The link on security also mentioned that the buffer overrun was fixed.
You are not convincing me.
Glenn
"limeaid" <limeaid@nospam.rocketmail.com> wrote in message
news:Xns92A5C920BC63Elimeaidno
spamrocketm@216.148.227.77...
> Glenn I hope you were kidding.
> Reliability issues with Apache/UNIX?
> Security Issues?
>
> Apache runs over 65% of the websites you visit.
> Microsoft 25%
> http://www.netcraft.com/survey/
>
> Security?
> Do you not read SANS? How about any trade magazine?
>
> Microsoft Warns of 10 IIS Flaws
> http://www.eweek.com/article2/0,3959,36938,00.asp
>
> Microsoft IIS most vulnerable
> http://www.zdnet.com.au/newstech/se...85,20261745,00.
> htm
>
> 56% of all sites hacked were IIS
> http://www.attrition.org/mirror/att...graphs.html#PIE
>
> It's one thing to give out your opinion but another to give opinion based
> on false statements.
>
> "Mercury" <evo_spook@hotmail.com> wrote in
> news:uqhf5214dcja3b@corp.supernews.com:
>
> > Maybe, but its not my webserver and the webspace and name have been
> > provided free of charge so I can't really complain ;-)
> >
> >
> >
> > "Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
> > news:##lxYpkcCHA.2456@tkmsftngp08...
> >> It might be wise to dump Unix and go to MS2000.
> >> First reason is reliability.
> >> Second is security.
> >> Third reason is it might be configurable.
> >> Glenn
> >> "Mercury" <evo_spook@hotmail.com> wrote in message
> >> news:uqhbsos0k3vic1@corp.supernews.com...
> >> > Firstly, sorry, I would have posted this on a more relevant site
> >> > except
> >> I'd
> >> > like an answer now rather then next week.
> >> >
> >> > I'm working on a website, Unix, Apache server, got full permissions
> >> > on
> > the
> >> > server, except in my HTML folder theres one folder within which is
> > nestled
> >> > some other folders and a few .txt files, the result of a php script
> >> install
> >> > which I tried to delete but it left this almost empty folder
> >> > instead of deleting all of it.
> >> >
> >> > Everytime I try to delete it or chmod the files underneath it comes
> >> > up
> >> with
> >> > 550 permissions denied WS_FTP, also tried deleting it using DOS and
> >> > Dreamweaver), and the directory isn't protected at admin level, its
> >> strange.
> >> >
> >> > Any thoughts anyone?
> >> >
> >> > Cheers
> >> >
> >> >
> >>
> >>
> >
> >
>
| |
| Mercury 2002-10-12, 9:24 pm |
| unfortunatly I'm only accessing the server from my windows machine through
FTP, so I'm not able to CHOWN it, well I don't think I can anyway I don't
know to much of this thats why I'm asking you guys ;-)
I don't think I have the root password, only site administration passwords
to ftp, passwords to the site admin page, configuration, SQL, setup email
and such like
"chazbrew" <csbrehm@erols.com> wrote in message
news:aoafjl$mbl$1@bob.news.rcn.net...
> Have you tried to chown the file to your user?
>
> Do you have the root password to SU to and then chmod the directory?
>
> What flavor of UNIX is it?
>
> Chaz
>
> "Mercury" <evo_spook@hotmail.com> wrote in message
> news:uqhf5214dcja3b@corp.supernews.com...
> > Maybe, but its not my webserver and the webspace and name have been
> provided
> > free of charge so I can't really complain ;-)
> >
> >
> >
> > "Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
> > news:##lxYpkcCHA.2456@tkmsftngp08...
> > > It might be wise to dump Unix and go to MS2000.
> > > First reason is reliability.
> > > Second is security.
> > > Third reason is it might be configurable.
> > > Glenn
> > > "Mercury" <evo_spook@hotmail.com> wrote in message
> > > news:uqhbsos0k3vic1@corp.supernews.com...
> > > > Firstly, sorry, I would have posted this on a more relevant site
> except
> > > I'd
> > > > like an answer now rather then next week.
> > > >
> > > > I'm working on a website, Unix, Apache server, got full permissions
on
> > the
> > > > server, except in my HTML folder theres one folder within which is
> > nestled
> > > > some other folders and a few .txt files, the result of a php script
> > > install
> > > > which I tried to delete but it left this almost empty folder instead
> of
> > > > deleting all of it.
> > > >
> > > > Everytime I try to delete it or chmod the files underneath it comes
up[co
lor=darkred]
> > > with
> > > > 550 permissions denied WS_FTP, also tried deleting it using DOS and
> > > > Dreamweaver), and the directory isn't protected at admin level, its
> > > strange.
> > > >
> > > > Any thoughts anyone?
> > > >
> > > > Cheers
> > > >
> > > >
> > >
> > >
> >
> >
>
>[/color]
| |
| Gary - US 2002-10-12, 11:24 pm |
| Come now Glenn. You can't be serious about Windows being more secure than
UNIX? Or more reliable? Surely you jest!
--
Semper Fi,
Gary
"Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
news:##lxYpkcCHA.2456@tkmsftngp08...
> It might be wise to dump Unix and go to MS2000.
> First reason is reliability.
> Second is security.
> Third reason is it might be configurable.
> Glenn
> "Mercury" <evo_spook@hotmail.com> wrote in message
> news:uqhbsos0k3vic1@corp.supernews.com...
> > Firstly, sorry, I would have posted this on a more relevant site except
> I'd
> > like an answer now rather then next week.
> >
> > I'm working on a website, Unix, Apache server, got full permissions on
the
> > server, except in my HTML folder theres one folder within which is
nestled
> > some other folders and a few .txt files, the result of a php script
> install
> > which I tried to delete but it left this almost empty folder instead of
> > deleting all of it.
> >
> > Everytime I try to delete it or chmod the files underneath it comes up
> with
> > 550 permissions denied WS_FTP, also tried deleting it using DOS and
> > Dreamweaver), and the directory isn't protected at admin level, its
> strange.
> >
> > Any thoughts anyone?
> >
> > Cheers
> >
> >
>
>
| |
| Gary - US 2002-10-12, 11:24 pm |
| Glenn let me guess. You work for MS. You must because you certainly can't
believe this mess you are spewing out.
--
Semper Fi,
Gary
"Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
news:#5OJHRlcCHA.2492@tkmsftngp12...
> While I agree on the percentage of web sites, the other links you posted
are
> out of date.
> One of the links gave the following message:
> We were unable to find the page you requested.
>
> If you arrived here by typing a URL, please make sure the spelling,
> capitalization, and punctuation are correct, then reload the page by
hitting
> the Enter or Return key on your keyboard.
>
> The link on security also mentioned that the buffer overrun was fixed.
> You are not convincing me.
> Glenn
> "limeaid" <limeaid@nospam.rocketmail.com> wrote in message
> news:Xns92A5C920BC63Elimeaidno
spamrocketm@216.148.227.77...
> > Glenn I hope you were kidding.
> > Reliability issues with Apache/UNIX?
> > Security Issues?
> >
> > Apache runs over 65% of the websites you visit.
> > Microsoft 25%
> > http://www.netcraft.com/survey/
> >
> > Security?
> > Do you not read SANS? How about any trade magazine?
> >
> > Microsoft Warns of 10 IIS Flaws
> > http://www.eweek.com/article2/0,3959,36938,00.asp
> >
> > Microsoft IIS most vulnerable
> >
http://www.zdnet.com.au/newstech/se...85,20261745,00.
> > htm
> >
> > 56% of all sites hacked were IIS
> > http://www.attrition.org/mirror/att...graphs.html#PIE
> >
> > It's one thing to give out your opinion but another to give opinion
based
> > on false statements.
> >
> > "Mercury" <evo_spook@hotmail.com> wrote in
> > news:uqhf5214dcja3b@corp.supernews.com:
> >
> > > Maybe, but its not my webserver and the webspace and name have been
> > > provided free of charge so I can't really complain ;-)
> > >
> > >
> > >
> > > "Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
> > > news:##lxYpkcCHA.2456@tkmsftngp08...
> > >> It might be wise to dump Unix and go to MS2000.
> > >> First reason is reliability.
> > >> Second is security.
> > >> Third reason is it might be configurable.
> > >> Glenn
> > >> "Mercury" <evo_spook@hotmail.com> wrote in message
> > >> news:uqhbsos0k3vic1@corp.supernews.com...
> > >> > Firstly, sorry, I would have posted this on a more relevant site
> > >> > except
> > >> I'd
> > >> > like an answer now rather then next week.
> > >> >
> > >> > I'm working on a website, Unix, Apache server, got full permissions
> > >> > on
> > > the
> > >> > server, except in my HTML folder theres one folder within which is
> > > nestled
> > >> > some other folders and a few .txt files, the result of a php script
> > >> install
> > >> > which I tried to delete but it left this almost empty folder
> > >> > instead of deleting all of it.
> > >> >
> > >> > Everytime I try to delete it or chmod the files underneath it comes
> > >> > up
> > >> with
> > >> > 550 permissions denied WS_FTP, also tried deleting it using DOS and
> > >> > Dreamweaver), and the directory isn't protected at admin level, its
> > >> strange.
> > >> >
> > >> > Any thoughts anyone?
> > >> >
> > >> > Cheers
> > >> >
> > >> >
> > >>
> > >>
> > >
> > >
> >
>
>
| |
| Laura A. Robinson 2002-10-13, 12:24 am |
| circa Sun, 13 Oct 2002 02:42:53 +0100, in
microsoft.public.cert.exam.mcse, Mercury (evo_spook@hotmail.com)
said,
> unfortunatly I'm only accessing the server from my windows machine through
> FTP, so I'm not able to CHOWN it, well I don't think I can anyway I don't
> know to much of this thats why I'm asking you guys ;-)
>
You can CHOWN via FTP (although you may not be able to here because
of the server-side config).
You may want to take a look at SmartFTP:
http://www.smartftp.com/
Laura
--
Time flies like an arrow; fruit flies like a banana.
-Groucho Marx
| |
| Laura A. Robinson 2002-10-13, 12:24 am |
| circa Sun, 13 Oct 2002 00:45:42 GMT, in
microsoft.public.cert.exam.mcse, limeaid
(limeaid@nospam.rocketmail.com) said,
>
> Apache runs over 65% of the websites you visit.
> Microsoft 25%
> http://www.netcraft.com/survey/
>
The netcraft survey is not entirely accurate. No comment beyond that.
Laura
--
Time flies like an arrow; fruit flies like a banana.
-Groucho Marx
| |
| Laura A. Robinson 2002-10-13, 12:24 am |
| circa Sun, 13 Oct 2002 04:16:21 GMT, in
microsoft.public.cert.exam.mcse, "Gary - US" <gary_kcmo(NOSPAM)
@hotmail.com> ("Gary - US" <gary_kcmo(NOSPAM)@hotmail.com> ) said,
> Come now Glenn. You can't be serious about Windows being more secure than
> UNIX? Or more reliable? Surely you jest!
>
A *properly configured* Apache box and a *properly configured* IIS
box are pretty well equal. People who claim otherwise generally do so
because they've not worked with both, or because they've not
configured their servers appropriately.
Laura
--
Time flies like an arrow; fruit flies like a banana.
-Groucho Marx
| |
| limeaid 2002-10-13, 1:24 am |
| I'm not sure what you mean by "the netcraft survey is not entirely
accurate"
I've seen both sides of the IIS debate but never heard Netcraft is
"probably inaccurate"
I appreciate the input Laura but I would you could do your argument better
than saying the equivalent to "no it's not".
"Laura A. Robinson" < firstinitiallastname@technolog
ist.com> wrote in
news:MPG.1812c436ebdf1ea998a27e@msnews.microsoft.com:
> circa Sun, 13 Oct 2002 00:45:42 GMT, in
> microsoft.public.cert.exam.mcse, limeaid
> (limeaid@nospam.rocketmail.com) said,
>>
>> Apache runs over 65% of the websites you visit.
>> Microsoft 25%
>> http://www.netcraft.com/survey/
>>
> The netcraft survey is not entirely accurate. No comment beyond that.
>
> Laura
| |
| limeaid 2002-10-13, 1:24 am |
| I'm sure he a Microsoft track runner but that should not discredit his
opinion. None of the links I sent you are out of date, maybe word
wrapped funny - not out of date. It doesn't take much to research this
yourself either
www.google.com +iis +apache +security
We're talking about more than one buffer overrun that was fixed, we're
talking about every week more holes that admins must run to patch because
security isn't there priority. I know I'm not the only administrator
that spends an entire day "hardening" a WinNT/2000 server, registry
hacking, apply 60 Gigs of security patches and hotfixes - it's
ridiculous. "Would you like to restart the computer now?" Makes me wonder
how it worked before the patches. I assume you are a programmer from
your previous postings. All I can tell you is what I see day to day -
and that is we could clearly define a full time position in the security
configuration and updating of our Windows servers. I'm not sure how many
servers you've administered over your lifetime.
None the less I appreciate your comments and all others that come from
this. Hopefully we'll all take something from this discussion.
Here's more articles for your edification:
---begin quoted text----
When it comes to security, IIS doesn't come close to Apache. Apache's
security track record is excellent, while IIS has taken hit after
security hit. Just last week, Microsoft announced that 10 new security
holes (several of which were serious buffer overruns) had been discovered
in IIS.
http://www.eweek.com/article2/0,3959,3763,00.asp
Excerpt taken from Microsoft Certified Professional Magazine
"Because conventional IIS defenses are pitifully inadequate, IIS has been
a sitting duck to hackers (novices and experts)."
"Gary - US" <gary_kcmo(NOSPAM)@hotmail.com> wrote in
news:5v6q9.93$GE4.37269613@newssvr11.news.prodigy.com:
> Glenn let me guess. You work for MS. You must because you certainly
> can't believe this mess you are spewing out.
>
> --
>
> Semper Fi,
> Gary
> "Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
> news:#5OJHRlcCHA.2492@tkmsftngp12...
>> While I agree on the percentage of web sites, the other links you
>> posted
> are
>> out of date.
>> One of the links gave the following message:
>> We were unable to find the page you requested.
>>
>> If you arrived here by typing a URL, please make sure the spelling,
>> capitalization, and punctuation are correct, then reload the page by
> hitting
>> the Enter or Return key on your keyboard.
>>
>> The link on security also mentioned that the buffer overrun was
>> fixed. You are not convincing me.
>> Glenn
>> "limeaid" <limeaid@nospam.rocketmail.com> wrote in message
>> news:Xns92A5C920BC63Elimeaidno
spamrocketm@216.148.227.77...
>> > Glenn I hope you were kidding.
>> > Reliability issues with Apache/UNIX?
>> > Security Issues?
>> >
>> > Apache runs over 65% of the websites you visit.
>> > Microsoft 25%
>> > http://www.netcraft.com/survey/
>> >
>> > Security?
>> > Do you not read SANS? How about any trade magazine?
>> >
>> > Microsoft Warns of 10 IIS Flaws
>> > http://www.eweek.com/article2/0,3959,36938,00.asp
>> >
>> > Microsoft IIS most vulnerable
>> >
> http://www.zdnet.com.au/newstech/se...4985,20261745,0
> 0.
>> > htm
>> >
>> > 56% of all sites hacked were IIS
>> > http://www.attrition.org/mirror/att...graphs.html#PIE
>> >
>> > It's one thing to give out your opinion but another to give opinion
> based
>> > on false statements.
>> >
>> > "Mercury" <evo_spook@hotmail.com> wrote in
>> > news:uqhf5214dcja3b@corp.supernews.com:
>> >
>> > > Maybe, but its not my webserver and the webspace and name have
>> > > been provided free of charge so I can't really complain ;-)
>> > >
>> > >
>> > >
>> > > "Glenn D. Crosse" <glenncrosse@earthlink.net> wrote in message
>> > > news:##lxYpkcCHA.2456@tkmsftngp08...
>> > >> It might be wise to dump Unix and go to MS2000.
>> > >> First reason is reliability.
>> > >> Second is security.
>> > >> Third reason is it might be configurable.
>> > >> Glenn
>> > >> "Mercury" <evo_spook@hotmail.com> wrote in message
>> > >> news:uqhbsos0k3vic1@corp.supernews.com...
>> > >> > Firstly, sorry, I would have posted this on a more relevant
>> > >> > site except
>> > >> I'd
>> > >> > like an answer now rather then next week.
>> > >> >
>> > >> > I'm working on a website, Unix, Apache server, got full
>> > >> > permissions on
>> > > the
>> > >> > server, except in my HTML folder theres one folder within
>> > >> > which is
>> > > nestled
>> > >> > some other folders and a few .txt files, the result of a php
>> > >> > script
>> > >> install
>> > >> > which I tried to delete but it left this almost empty folder
>> > >> > instead of deleting all of it.
>> > >> >
>> > >> > Everytime I try to delete it or chmod the files underneath it
>> > >> > comes up
>> > >> with
>> > >> > 550 permissions denied WS_FTP, also tried deleting it using
>> > >> > DOS and Dreamweaver), and the directory isn't protected at
>> > >> > admin level, its
>> > >> strange.
>> > >> >
>> > >> > Any thoughts anyone?
>> > >> >
>> > >> > Cheers
>> > >> >
>> > >> >
>> > >>
>> > >>
>> > >
>> > >
>> >
>>
>>
>
>
| |
| Laura A. Robinson 2002-10-13, 4:24 am |
| circa Sun, 13 Oct 2002 05:28:07 GMT, in
microsoft.public.cert.exam.mcse, limeaid
(limeaid@nospam.rocketmail.com) said,
>
> I'm not sure what you mean by "the netcraft survey is not entirely
> accurate"
Because its results are based on the banners that are retrieved from
web sites during http servername retrievals, and many sites use
modified banners to misidentify the server as it's a simple mechanism
for defusing script kiddies.
>
> I've seen both sides of the IIS debate but never heard Netcraft is
> "probably inaccurate"
Why the quotes around "probably inaccurate", since I didn't say that?
>
> I appreciate the input Laura but I would you could do your argument better
> than saying the equivalent to "no it's not".
See above. Or read Netcraft's site a little more carefully.
"We collect and collate as many hostnames providing an http service
as we can find, and systematically poll each one with an HTTP request
for the server name. "
Laura
--
Time flies like an arrow; fruit flies like a banana.
-Groucho Marx
| |
| KLXrider 2002-10-13, 11:24 pm |
| But, a properly configured Apache box does not need to be patched weekly.
Even Apache running on a W2k box is better then IIS.
MRW
"Laura A. Robinson" < firstinitiallastname@technolog
ist.com> wrote in message
news:MPG.1812c4a02524315698a27f@msnews.microsoft.com...
> A *properly configured* Apache box and a *properly configured* IIS
> box are pretty well equal. People who claim otherwise generally do so
> because they've not worked with both, or because they've not
> configured their servers appropriately.
| |
| Laura A. Robinson 2002-10-14, 7:24 am |
| circa Sun, 13 Oct 2002 20:55:31 -0700, in
microsoft.public.cert.exam.mcse, KLXrider (mike@email.com) said,
> But, a properly configured Apache box does not need to be patched weekly.
> Even Apache running on a W2k box is better then IIS.
>
Come on now, you know how Apache got its name, right?
Laura
--
Time flies like an arrow; fruit flies like a banana.
-Groucho Marx
| |
| limeaid 2002-10-14, 10:24 am |
| Laura Said:
> Because its results are based on the banners that are retrieved from
> web sites during http servername retrievals, and many sites use
> modified banners to misidentify the server as it's a simple mechanism
> for defusing script kiddies.
Given this line of reasoning then we can assume that anyone reported on
the Netcraft report using IIS is using Apache or Netscape and anyone
reported using Apache or Netscape is probably using IIS.
Where did you get the statement "many sites use modified banners.."
anyway? Did you take a poll? Did you read it somewhere? It sounds like a
thing people might do - but they don't.
Sites get hacked everyday so I really doubt anyone is changing their
banner.
Since security through deception is such a viable tactic like you imply I
wonder why most companies don't do it?
Microsoft reports using IIS
Dell reports using IIS
Apache reports using Apache
IBM reports using Apache
MIT reports using Apache
If it was something that companies did (and it worked - "defusing script
kiddies") I wonder why so many sites continue to get hacked. Do the
people at MIT just don't know what they're doing? Have they not heard
yet that changing you banner to report the wrong webserver protect them
from all harm?
All this talk about netcraft is getting away from the original poster.
I'll definitely agree that the survey numbers they report are not
accurate due to virtual hosting reporting - not banner changing.
If you want to run IIS - then you have to use windows
If you want to run apache - you can use any OS you want
| |
| KLXrider 2002-10-14, 12:24 pm |
| A-patch-e(mail)
But that was before it was a mainstay in the public internet forum.
MRW
"Laura A. Robinson" < firstinitiallastname@technolog
ist.com> wrote in message
news:MPG.181475c25131a88398a286@msnews.microsoft.com...
> circa Sun, 13 Oct 2002 20:55:31 -0700, in
> microsoft.public.cert.exam.mcse, KLXrider (mike@email.com) said,
> > But, a properly configured Apache box does not need to be patched
weekly.
> > Even Apache running on a W2k box is better then IIS.
> >
> Come on now, you know how Apache got its name, right?
>
> Laura
> --
> Time flies like an arrow; fruit flies like a banana.
> -Groucho Marx
| |
| KLXrider 2002-10-14, 12:24 pm |
| Last time I checked MIT ran OpenVMS on their public systems, that is
security through obscurity. Most "script kiddies" arn't old enough or
bright enough to hack OpenVMS.
Ahh I long for the days when we were Systems Managers and not Admins and
needed to be able to write code to get the job.
MRW
"limeaid" <limeaid@nospam.rocketmail.com> wrote in message
news:Xns92A7660CE4AE1limeaidno
spamrocketm@63.240.76.16...
> Laura Said:
.. Do the people at MIT just don't know what they're doing? Have they not
heard
> yet that changing you banner to report the wrong webserver protect them
> from all harm?
>
| |
| Laura A. Robinson 2002-10-14, 8:24 pm |
| circa Mon, 14 Oct 2002 15:01:16 GMT, in
microsoft.public.cert.exam.mcse, limeaid
(limeaid@nospam.rocketmail.com) said,
> Laura Said:
> > Because its results are based on the banners that are retrieved from
> > web sites during http servername retrievals, and many sites use
> > modified banners to misidentify the server as it's a simple mechanism
> > for defusing script kiddies.
>
> Given this line of reasoning then we can assume that anyone reported on
> the Netcraft report using IIS is using Apache or Netscape and anyone
> reported using Apache or Netscape is probably using IIS.
Exactly my point.
>
> Where did you get the statement "many sites use modified banners.."
> anyway? Did you take a poll? Did you read it somewhere? It sounds like a
> thing people might do - but they don't.
And *your* proof is? How many sites have you fingerprinted?
> Sites get hacked everyday so I really doubt anyone is changing their
> banner.
That is not a logical conclusion.
>
> Since security through deception is such a viable tactic like you imply I
> wonder why most companies don't do it?
1. I didn't "imply" anything, and I'm not sure why you have so much
trouble with reading.
2. Your evidence is what?
>
> Microsoft reports using IIS
> Dell reports using IIS
> Apache reports using Apache
> IBM reports using Apache
> MIT reports using Apache
Of course they do. And you're telling me that every site Netcraft
hits accurately reports the server config? Get real.
>
> If it was something that companies did (and it worked - "defusing script
> kiddies") I wonder why so many sites continue to get hacked.
<sigh> Now you're just being ridiculous.
> Do the
> people at MIT just don't know what they're doing? Have they not heard
> yet that changing you banner to report the wrong webserver protect them
> from all harm?
And as I said, you apparently can't read. And you're a dick.
>
> All this talk about netcraft is getting away from the original poster.
> I'll definitely agree that the survey numbers they report are not
> accurate due to virtual hosting reporting - not banner changing.
Okay, let me see if I have this straight- I said:
"The netcraft survey is not entirely accurate. No comment beyond
that."
And you lambaste me, yet you turn around and present it like it's
your brilliant idea?
>
> If you want to run IIS - then you have to use windows
> If you want to run apache - you can use any OS you want
And this is relevant to what?
Never mind, don't answer that. Your logic is flawed and boring to me.
Sorry.
Laura
--
Time flies like an arrow; fruit flies like a banana.
-Groucho Marx
| |
| Laura A. Robinson 2002-10-14, 8:24 pm |
| circa Mon, 14 Oct 2002 09:33:58 -0700, in
microsoft.public.cert.exam.mcse, KLXrider (mike@email.com) said,
>
> A-patch-e(mail)
>
> But that was before it was a mainstay in the public internet forum.
>
Yup.
--
Time flies like an arrow; fruit flies like a banana.
-Groucho Marx
| |
| gr33nd4yg1rl 2002-10-20, 3:22 am |
| these forums are against dumping
 |
|
|
|
|