Petr, You are making a number of fundamental mistakes with your security.
1. Security through obscurity is your first mistake. There is no such thing. 2. Assuming that nobody is writing CGI scripts on Windows Servers is your next mistake. A lot of systems still do this, a lot of old systems still use this technique and some new ones, The attack vector is not necessarily through your CGI script itself but through the Windows Web server. Unless you have patched and patched and patched your web server, you will be attacked. 3. You assume that nobody is interested in your machine. Wrong. A lot of people are very interested as they can add your hacked server to their bonnet and sell your resources on. Your machine does not have to be publicised at all. As an example, I have a private server which I use. It has no DNS entry (a common way to search for machines), so is only accessible through an IP address which has never been published. It only has a single ssh port open and port 80 for a private web server running some software there rest of the machine is locked down as best I can. The lock down took me a day to do. It is not trivial. My last weekly report showed over 200,000 attempts to break into the machine via ssh, http, and various CGI exploits. Thats 200,000 robot attempts, the most prevalent was an ssh attempt from a single machine which accounted for 72,000 goes. A public web server I have has over 1M hacking attempts per week. This is for a low usage machine. I give your machine less than 24 hours once it is live on the internet if you put it on without taking security seriously. You need to get the OS patched up, the ports closed down, the web server patched up and correctly configured. Out of the box the security on a Windows server (depending on the version) is poor. You need to learn what you need to do (and there are loads of guides on the internet) otherwise your server will be owned by somebody else very quickly. To be blunt you have misunderstood computer security, Saying ?trust me? doesn?t work. Best of luck, Rob > On 11 Sep 2015, at 13:42, Petr L?z?ovsk? <lazna at volny.cz> wrote: > > There is a major difference: You are talking about SSH and Linux, this > combination running on hundred milions of network devices accross whole > internet. Thus develop intruding scripts does make sense. But I am using > Windows shell scripts as CGI, which is EXTREMELY rare. Who will study this > technique to intrude my (or very few another) systems? No one.... trust me ;-) > > L. > > BTW: If someone did it anyway, I will give him medal and start experinces > sharing to him > >> You'd be surprised by what is out there trying to get into your system. > >> I had port 22 open on my home router to go to a Linux machine so I could SSH >> into my home network from anywhere in the world, even though I rarely ever >> leave the 519 area code. One day I went to look at my messages log file and >> noted numerous brute force attempts to get into my machine. Fortunately, >> the machine is setup so that you can't SSH in as root, and the single login >> name that has any kind of access root capable access is intentionally camel >> cased to thwart name dictionary attacks. The attacks were automated at >> their end, obviously, but if you have a machine exposed, someone is going to >> have software that will do anything and everything to gain access through >> whatever weakest link you have. > > >> I'm on a residential cable line, with an IP that changes periodically, >> however, I'm still subject to attacks. SSH is a common thing, and what you >> have written may not be interesting to the hacker space as a whole, however, >> there is that one idiot out there that WILL take the time to break into your >> system for jollies. > > > > > >> On Fri, Sep 11, 2015 at 6:12 AM, Petr L?z?ovsk? <lazna at volny.cz> wrote: > > >> Never heard about this. Thinked about this a bit, but have no idea how it >> could menace my CGI application. But as far I am a beginner, expecting it >> could be a menace but rely on Security by obscurity. Some time a go, when I >> start writing CGI powered by windows shell scripts, I have serched (almost >> whole) internet for some examples or informations, but I found nothing..... >> That means I am lonely with this technique ;-) No hacker will study such >> weird technique to intrude only one system on whole internet ;-) >> >> L. > > > > _______________________________________________ > sqlite-users mailing list > sqlite-users at mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
