
An error when i switched from python v2.6.6 => v3.2.3

Started by: Νίκος Γκρ33κ <nikos.gr33k@gmail.com>
First post: 2013-03-07 00:18 -0800
Last post: 2013-03-07 13:50 -0500
Articles: 20 on this page of 80 (14 participants)




Page 3 of 4


#40847

From: Νίκος Γκρ33κ <nikos.gr33k@gmail.com>
Date: 2013-03-07 22:54 -0800
Message-ID: <mailman.3070.1362725681.2939.python-list@python.org>
In reply to: #40842
On Friday, 8 March 2013 5:55:07 AM UTC+2, Vito De Tullio wrote:
> Νίκος Γκρ33κ wrote:
>
>>> -c ''; rm -rf /; oops.py
>>
>> Yes it's being pulled by HTTP request!
>>
>> But please try to do it, I don't think it will work!
>
> try yourself and tell us what happened
>
> --
> ZeD

What command should I issue to try code injection?
Someone tried it yesterday but it didn't work.



#40848

From: Νίκος Γκρ33κ <nikos.gr33k@gmail.com>
Date: 2013-03-07 22:56 -0800
Message-ID: <93a09412-7d71-4c74-a5ae-9d135d544720@googlegroups.com>
In reply to: #40842
On Friday, 8 March 2013 5:55:07 AM UTC+2, Vito De Tullio wrote:
> Νίκος Γκρ33κ wrote:
>
>>> -c ''; rm -rf /; oops.py
>>
>> Yes it's being pulled by HTTP request!
>>
>> But please try to do it, I don't think it will work!
>
> try yourself and tell us what happened
>
> --
> ZeD

Someone with IP of:

dslb-188-108-250-211.pools.arcor-ip.net	Windows	Opera	1	2013-03-08 03:19:18

as my CGI script tells me.

I think it was Chris Angelico :-)



#40850

From: Chris Angelico <rosuav@gmail.com>
Date: 2013-03-08 18:01 +1100
Message-ID: <mailman.3072.1362726129.2939.python-list@python.org>
In reply to: #40848
On Fri, Mar 8, 2013 at 5:56 PM, Νίκος Γκρ33κ <nikos.gr33k@gmail.com> wrote:
> Someone with IP of:
>
> dslb-188-108-250-211.pools.arcor-ip.net Windows Opera   1       2013-03-08 03:19:18
>
> as my CGI script tells me.
>
> I think it was Chris Angelico :-)

Nope, not me. As you'll be able to confirm in any number of ways, I'm
in Australia. Also, I use Chrome. That's someone else!

As a general rule, don't reveal people's IP addresses without
permission or good reason; it's unnecessarily breaking privacy.

ChrisA



#40856

From: Νίκος Γκρ33κ <nikos.gr33k@gmail.com>
Date: 2013-03-08 02:51 -0800
Message-ID: <efc0687c-6eb5-4f6d-9110-19edfbb22830@googlegroups.com>
In reply to: #40850
I must thank the tester of my website's security!

He hacked it nicely and easily through tampering with the 'htmlpage' variable's value!

Now I'm validating htmlpage's input value and I don't believe it's hackable any more!

Please feel free to try, whoever wants to!

Thank you all for your patience with me and the support provided!



#40884

From: Steven D'Aprano <steve+comp.lang.python@pearwood.info>
Date: 2013-03-08 18:54 +0000
Message-ID: <513a33d7$0$30001$c3e8da3$5496439d@news.astraweb.com>
In reply to: #40842
On Fri, 08 Mar 2013 04:55:07 +0100, Vito De Tullio wrote:

> Νίκος Γκρ33κ wrote:
>
>>> -c ''; rm -rf /; oops.py
>>
>> Yes it's being pulled by HTTP request!
>>
>> But please try to do it, I don't think it will work!
>
> try yourself and tell us what happened

That's not very nice.

Please don't tell the newbies to destroy their system, no matter how
tempting it might be.

--
Steven



#40890

From: info@cravendot.gr
Date: 2013-03-08 11:19 -0800
Message-ID: <1a79c210-3c50-43bb-8a78-5d5ef60922ec@googlegroups.com>
In reply to: #40884
On Friday, 8 March 2013 8:54:15 PM UTC+2, Steven D'Aprano wrote:
> On Fri, 08 Mar 2013 04:55:07 +0100, Vito De Tullio wrote:
>
>> Νίκος Γκρ33κ wrote:
>>
>>>> -c ''; rm -rf /; oops.py
>>>
>>> Yes it's being pulled by HTTP request!
>>>
>>> But please try to do it, I don't think it will work!
>>
>> try yourself and tell us what happened
>
> That's not very nice.
>
> Please don't tell the newbies to destroy their system, no matter how
> tempting it might be.
>
> --
> Steven

I dare anyone who wants to to mess with the 'htmlpage' variable's value now!

I made it unhackable, I believe!

I'm testing it myself for 3 hours now and find it safe!

Please feel free to try also!



#40894

From: Ian Kelly <ian.g.kelly@gmail.com>
Date: 2013-03-08 13:01 -0700
Message-ID: <mailman.3095.1362772967.2939.python-list@python.org>
In reply to: #40890
On Fri, Mar 8, 2013 at 12:19 PM,  <info@cravendot.gr> wrote:
> I dare anyone who wants to to mess with the 'htmlpage' variable's value now!
>
> I made it unhackable, I believe!
>
> I'm testing it myself for 3 hours now and find it safe!
>
> Please feel free to try also!

Okay, done.  I was still able to read your source files, and I was
still able to write a file to your webserver.  All I had to do was
change 'htmlpage' to 'page' in the example URLs I sent you before.
Validating the 'htmlpage' field does nothing if you also switch the
dispatch to the 'page' field.

And as far as the validation goes, from what I can see in the source,
it looks like you're just checking whether the string '.html' appears
in it somewhere.  It's not hard at all to craft a malicious page
request that meets that.

As a start, try checking that the file actually exists before doing
anything with it, and that it is in one of the directories used by
your web server.



#40897

From: Νίκος Γκρ33κ <nikos.gr33k@gmail.com>
Date: 2013-03-08 12:31 -0800
Message-ID: <85b5c606-a1c7-480b-a900-622f61751b87@googlegroups.com>
In reply to: #40894
On Friday, 8 March 2013 10:01:59 PM UTC+2, Ian wrote:
> On Fri, Mar 8, 2013 at 12:19 PM,  <info@cravendot.gr> wrote:
>> I dare anyone who wants to to mess with the 'htmlpage' variable's value now!
>>
>> I made it unhackable, I believe!
>>
>> I'm testing it myself for 3 hours now and find it safe!
>>
>> Please feel free to try also!
>
> Okay, done.  I was still able to read your source files, and I was
> still able to write a file to your webserver.  All I had to do was
> change 'htmlpage' to 'page' in the example URLs I sent you before.
> Validating the 'htmlpage' field does nothing if you also switch the
> dispatch to the 'page' field.
>
> And as far as the validation goes, from what I can see in the source,
> it looks like you're just checking whether the string '.html' appears
> in it somewhere.  It's not hard at all to craft a malicious page
> request that meets that.
>
> As a start, try checking that the file actually exists before doing
> anything with it, and that it is in one of the directories used by
> your web server.

Thank you very much for pointing out my flaws once again!

I can't believe how easily you hacked the webserver again and were able to read my CGI scripts' source and write to cgi-bin too!

I have added extra security by following some of your advice; I wonder if you can hack it again!

Feel free to try, if I'm not tiring you, please!



#40904

From: Chris Angelico <rosuav@gmail.com>
Date: 2013-03-09 08:37 +1100
Message-ID: <mailman.3101.1362778641.2939.python-list@python.org>
In reply to: #40897
On Sat, Mar 9, 2013 at 7:31 AM, Νίκος Γκρ33κ <nikos.gr33k@gmail.com> wrote:
> I can't believe how easily you hacked the webserver again and were able to read my CGI scripts' source and write to cgi-bin too!
>
> I have added extra security by following some of your advice; I wonder if you can hack it again!
>
> Feel free to try, if I'm not tiring you, please!

Something to think about: There are roughly seven billion people on
this planet. You are just one of them; Steven is just one more. This
entire mailing list/newsgroup amounts to the most minuscule fraction
of the earth's population.

There is NO WAY that you are the smartest or most devious person on
Earth. Also, the three hours that you put in are *nothing* compared to
the collective time that the rest of the world will spend fiddling
with your site. Even if all of python-list/c.l.p spent a few hours
trying to get around your site's security, that's still not a huge
amount compared to the whole planet's deviousness.

You cannot build web site security on the basis of "well, I couldn't
get around it, and I tried for a few hours". I had this argument with
my boss just yesterday; I pointed out that there was a place where
user input was being put into an HTML attribute without being properly
escaped (and demonstrated that putting &#65; into the input was
equivalent to putting A in), and he asked me how it could possibly be
exploited. My response: That does not matter. The mere fact that I
could provably show a difference WAS the problem. With that, a
determined attacker could potentially figure out a real exploit; it
does not matter that I wasn't able to do so.

You need to change your thinking about security/safety. Instead of
trying to filter/clean tainted input before passing it to a system()
call, you need to either whitelist BRUTALLY first (eg insist that the
string be one of a particular set of strings - and no, it's not
sufficient to make sure that it has only characters from a particular
set, though that's a good start), or just plain don't give tainted
strings to os.system().

What you have is a MASSIVE potential attack vector. It's quite
possibly unsalvageably dangerous.

ChrisA
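As an added example (not the original poster's script, nor code written by anyone in this thread), here is the allowlist-and-containment dispatch that Ian's and Chris's replies describe, in Python: the request parameter is accepted only if it names an existing page inside one fixed directory, and the value never reaches a shell. The directory layout, page names and function names are assumptions constructed for the demo.

```python
import os
import re
import tempfile

# Only bare page names of this shape are considered at all; slashes, dots,
# NUL bytes and shell metacharacters are refused before any filesystem or
# subprocess call ever sees the value.
_PAGE_NAME = re.compile(r"\A[A-Za-z0-9_-]{1,64}\Z")


def weak_check(value):
    """The check Ian describes: does '.html' appear somewhere in the value?
    Kept only to contrast with resolve_page(); it is not a defence."""
    return ".html" in value


def known_pages(pages_dir):
    """Allowlist derived from the directory itself: the stems of the *.html
    regular files directly inside pages_dir (no recursion)."""
    names = set()
    for entry in os.listdir(pages_dir):
        stem, ext = os.path.splitext(entry)
        if (ext == ".html" and _PAGE_NAME.match(stem)
                and os.path.isfile(os.path.join(pages_dir, entry))):
            names.add(stem)
    return names


def resolve_page(value, pages_dir):
    """Map an untrusted request parameter (e.g. the 'page' or 'htmlpage'
    field) to a file under pages_dir. Returns the absolute path, or None
    when the request is refused. Nothing here is ever passed to a shell;
    if a helper program must be run, give it this path as one argv element
    via subprocess.run([...]), never as part of an os.system() string."""
    # 1. Shape: the parameter must look like a bare page name.
    if not isinstance(value, str) or not _PAGE_NAME.match(value):
        return None
    # 2. Allowlist: the name must be one of the pages that actually exist
    #    (Ian's "check that the file actually exists").
    if value not in known_pages(pages_dir):
        return None
    # 3. Containment: after symlink resolution the file must still sit
    #    inside pages_dir (Ian's "in one of the directories used by your
    #    web server"); this also catches a symlink planted in pages_dir.
    root = os.path.realpath(pages_dir)
    candidate = os.path.realpath(os.path.join(root, value + ".html"))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def serve_page(value, pages_dir):
    """Return the page body for a request, or None when it is refused."""
    path = resolve_page(value, pages_dir)
    if path is None:
        return None
    with open(path, "r", encoding="utf-8") as fh:
        return fh.read()


def demo():
    """Constructed fixture (an assumption for the demo): a temporary pages
    directory with two real pages, a file outside it that must never be
    reachable, and a symlink inside pages_dir pointing at that file."""
    base = tempfile.mkdtemp()
    pages = os.path.join(base, "pages")
    os.mkdir(pages)
    for name in ("index", "about"):
        with open(os.path.join(pages, name + ".html"), "w", encoding="utf-8") as fh:
            fh.write("<h1>%s</h1>" % name)
    with open(os.path.join(base, "secret.html"), "w", encoding="utf-8") as fh:
        fh.write("not for the web")
    try:
        os.symlink(os.path.join(base, "secret.html"),
                   os.path.join(pages, "leak.html"))
    except OSError:  # platform without symlink support: step 3 is untested
        pass
    return {
        "known": sorted(known_pages(pages)),
        "index": serve_page("index", pages),
        "traversal": serve_page("../secret", pages),
        "shell": serve_page("index.html; id", pages),
        "missing": serve_page("nonexistent", pages),
        "symlink": serve_page("leak", pages),
        # Both hostile inputs sail through the substring check.
        "weak_passes": (weak_check("../secret.html"), weak_check("index.html; id")),
    }


if __name__ == "__main__":
    for key, result in demo().items():
        print(key, "->", result)
```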



#40920

From: Νίκος Γκρ33κ <nikos.gr33k@gmail.com>
Date: 2013-03-08 19:18 -0800
Message-ID: <b5e9ce7f-7617-4b06-b5d0-d6caf382a09a@googlegroups.com>
In reply to: #40904
On Friday, 8 March 2013 11:37:11 PM UTC+2, Chris Angelico wrote:

> There is NO WAY that you are the smartest or most devious person on
> Earth. Also, the three hours that you put in are *nothing* compared to
> the collective time that the rest of the world will spend fiddling
> with your site. Even if all of python-list/c.l.p spent a few hours
> trying to get around your site's security, that's still not a huge
> amount compared to the whole planet's deviousness.

I agree with you, but I wonder why the world would want to dedicate hours to fiddling with my script. Why should anyone mess with my website http://superhost.gr?



#40922

From: Mark Lawrence <breamoreboy@yahoo.co.uk>
Date: 2013-03-09 03:27 +0000
Message-ID: <mailman.3113.1362799597.2939.python-list@python.org>
In reply to: #40920
On 09/03/2013 03:18, Νίκος Γκρ33κ wrote:
> On Friday, 8 March 2013 11:37:11 PM UTC+2, Chris Angelico wrote:
>
>> There is NO WAY that you are the smartest or most devious person on
>> Earth. Also, the three hours that you put in are *nothing* compared to
>> the collective time that the rest of the world will spend fiddling
>> with your site. Even if all of python-list/c.l.p spent a few hours
>> trying to get around your site's security, that's still not a huge
>> amount compared to the whole planet's deviousness.
>
> I agree with you, but I wonder why the world would want to dedicate hours to fiddling with my script. Why should anyone mess with my website http://superhost.gr?
>

Because hackers love hacking?  But I suspect they might give you a miss 
as too easy, preferring to take on the theoretically challenging places 
such as UK MOD, Pentagon, GCHQ, NSA, MI5 and MI6.  Note however that 
it's difficult to hack some of these people as of course they don't 
actually exist :)

-- 
Cheers.

Mark Lawrence



#40930

From: Steven D'Aprano <steve+comp.lang.python@pearwood.info>
Date: 2013-03-09 05:05 +0000
Message-ID: <513ac303$0$6512$c3e8da3$5496439d@news.astraweb.com>
In reply to: #40920
On Fri, 08 Mar 2013 19:18:50 -0800, Νίκος Γκρ33κ wrote:

> I agree with you, but I wonder why the world would want to dedicate hours
> to fiddling with my script. Why should anyone mess with my website
> http://superhost.gr?


What makes you think it would be hours? For somebody who knows what they 
are doing, it is probably more like minutes.

And as for why...

- because they think it's funny;

- because they get pleasure from vandalising other people's property;

- to prove that they can do it;

- to punish you for being naive and foolish;

- to get control of your webserver, so they can store files on it without 
your knowledge;

- or launch attacks on other people's websites;

- or to encrypt your data and charge you money to decrypt it;

- or some other reason that I cannot think of.



-- 
Steven



#40935

From: Νίκος Γκρ33κ <nikos.gr33k@gmail.com>
Date: 2013-03-08 23:56 -0800
Message-ID: <41dab159-ebe5-4676-8482-609df1736542@googlegroups.com>
In reply to: #40930
On Saturday, 9 March 2013 7:05:08 AM UTC+2, Steven D'Aprano wrote:
> On Fri, 08 Mar 2013 19:18:50 -0800, Νίκος Γκρ33κ wrote:
>
>> I agree with you, but I wonder why the world would want to dedicate hours
>> to fiddling with my script. Why should anyone mess with my website
>> http://superhost.gr?
>
> What makes you think it would be hours? For somebody who knows what they
> are doing, it is probably more like minutes.
>
> And as for why...
>
> - because they think it's funny;
>
> - because they get pleasure from vandalising other people's property;
>
> - to prove that they can do it;
>
> - to punish you for being naive and foolish;
>
> - to get control of your webserver, so they can store files on it without
> your knowledge;
>
> - or launch attacks on other people's websites;
>
> - or to encrypt your data and charge you money to decrypt it;
>
> - or some other reason that I cannot think of.
>
> --
> Steven

I see, I didn't think of those reasons apart from the fact that they can prove they can do it!

But as I have it now, with more security improvements, they can't :-)



#40945

From: Mark Lawrence <breamoreboy@yahoo.co.uk>
Date: 2013-03-09 12:43 +0000
Message-ID: <mailman.3126.1362833006.2939.python-list@python.org>
In reply to: #40935
On 09/03/2013 07:56, Νίκος Γκρ33κ wrote:
> On Saturday, 9 March 2013 7:05:08 AM UTC+2, Steven D'Aprano wrote:
>> On Fri, 08 Mar 2013 19:18:50 -0800, Νίκος Γκρ33κ wrote:
>>
>>> I agree with you, but I wonder why the world would want to dedicate hours
>>> to fiddling with my script. Why should anyone mess with my website
>>> http://superhost.gr?
>>
>> What makes you think it would be hours? For somebody who knows what they
>> are doing, it is probably more like minutes.
>>
>> And as for why...
>>
>> - because they think it's funny;
>>
>> - because they get pleasure from vandalising other people's property;
>>
>> - to prove that they can do it;
>>
>> - to punish you for being naive and foolish;
>>
>> - to get control of your webserver, so they can store files on it without
>> your knowledge;
>>
>> - or launch attacks on other people's websites;
>>
>> - or to encrypt your data and charge you money to decrypt it;
>>
>> - or some other reason that I cannot think of.
>>
>> --
>> Steven
>
> I see, I didn't think of those reasons apart from the fact that they can prove they can do it!
>
> But as I have it now, with more security improvements, they can't :-)
>

Red flag to a bull.

Would you also please read section 2 of this 
http://wiki.python.org/moin/GoogleGroupsPython to prevent all of your 
posts having <quote>an excessive number of quoted blank lines.</quote>

-- 
Cheers.

Mark Lawrence




#40947

From: Νίκος Γκρ33κ <nikos.gr33k@gmail.com>
Date: 2013-03-09 06:16 -0800
Message-ID: <mailman.3127.1362838615.2939.python-list@python.org>
In reply to: #40945
Is there a way to see answers to my posts via Thunderbird that doesn't have this formatting issue?



#40950

From: rusi <rustompmody@gmail.com>
Date: 2013-03-09 07:20 -0800
Message-ID: <b19536b1-10e3-46dc-9b3d-46a027f4f25d@ou9g2000pbb.googlegroups.com>
In reply to: #40947
On Mar 9, 7:16 pm, Νίκος Γκρ33κ <nikos.gr...@gmail.com> wrote:
> Is there a way to see answers to my posts via Thunderbird that doesn't have this formatting issue?

I had posted a suggestion to get back to 'old google groups' here.
Usually if you (can) switch to the old, these problems vanish:

http://mail.python.org/pipermail/python-list/2012-October/633460.html

[According to Alex it seems you may have to actively select the new
before you can select the old]


