Some Links of interest:
Sam Freedom's Internet Marketing Controversy Blog

Custom Logo Design at no cost!



Join my Notify List and get email when I update my site:
Powered by

Wednesday, August 31, 2005

Perl Hackers

In my years of managing my own server (ok, I'm not the one managing it but my server administrator and I work closely together, so I'm involved... somewhat, ok?)
Anyways... in those years of server management :)... I've come to realize that Perl - based scripts are more a liability than an asset (side-note, I recommend PHP to everyone). The reason being that PERL or CGI requires some special attention to security and even then, usually leaves doors wide-opened for hackers to get in. Their preferred method is using processes that are usually owned by the server (to make it look like the server is running the process) and to upload scripts giving them access to shell.
After numerous attacks originating with he above-mentioned methods, we've developed a custom system that blocks Perl process from being run locally so it allows only authorized processed to run and blocks all others. This, coupled with tight firewall settings and other basic security settings has discouraged most of the attacks and we're now mostly attack free (successful attacks anyways). So if you have your own server and are experiencing similar problems... you might want to try a similar approach or contact me for more details on the custom solution we implemented.


Post a Comment

<< Home