There is a major difference: You are talking about SSH and Linux, this combination running on hundreds of millions of network devices across the whole internet. Thus developing intrusion scripts does make sense. But I am using Windows shell scripts as CGI, which is EXTREMELY rare. Who will study this technique to intrude my (or very few other) systems? No one.... trust me ;-)
L.

BTW: If someone did it anyway, I will give him a medal and start sharing experiences with him

> You'd be surprised by what is out there trying to get into your system.
> I had port 22 open on my home router to go to a Linux machine so I could SSH
> into my home network from anywhere in the world, even though I rarely ever
> leave the 519 area code. One day I went to look at my messages log file and
> noted numerous brute force attempts to get into my machine. Fortunately, the
> machine is set up so that you can't SSH in as root, and the single login name
> that has any kind of access root capable access is intentionally camel cased
> to thwart name dictionary attacks. The attacks were automated at their end,
> obviously, but if you have a machine exposed, someone is going to have
> software that will do anything and everything to gain access through whatever
> weakest link you have.
> I'm on a residential cable line, with an IP that changes periodically,
> however, I'm still subject to attacks. SSH is a common thing, and what you
> have written may not be interesting to the hacker space as a whole, however,
> there is that one idiot out there that WILL take the time to break into your
> system for jollies.
> On Fri, Sep 11, 2015 at 6:12 AM, Petr L?z?ovsk? <lazna at volny.cz> wrote:
> Never heard about this. Thought about this a bit, but have no idea how it
> could menace my CGI application. But as far I am a beginner, expecting it
> could be a menace but rely on Security by obscurity. Some time ago, when I
> started writing CGI powered by Windows shell scripts, I searched (almost
> whole) internet for some examples or information, but I found nothing.....
> That means I am lonely with this technique ;-) No hacker will study such
> weird technique to intrude only one system on whole internet ;-)
>
> L.