DynDNS ?
/dev/rob0
rob0 at gmx.co.uk
Thu Jul 14 18:32:08 UTC 2005
Michelle Konzack wrote:
> I was already thinking about this issue.
> My current zonefiles are autogenerated by a script from a postgresql.
> There will be no problem to change the script to use 'nsupdate', ok,
> the script will be much bigger and slower, but it should work too.
You might want to reconsider, then. You could have your CGI add the
records to PostgreSQL.
>>I use TXT records in mine. I generate a UTC string of update and store
>>as a TXT record. I think that's a useful feature, because it tells me
>>when a user last updated his/her record.
>
> I do logging too. And I recommend it to all people who do such
> scripting. Recording the source IP with timestamp is essential.
Oh sure, I log it both in apache and in the script itself. But the TXT
record is readily accessible from anywhere ...
> Maybe you/me will get hack attempts
I don't worry much about it. Sure, it's possible. Most successful
exploits I've seen target well-known services. Unless you have a real
enemy who hires a real professional blackhat (and those are rare, and
likely hard to find!) you're fine, I'm sure.
I have rooted two Red Hat machines on behalf of their owners. It was
very easy both times. Both times, owners forgot the root passwords.
First time, the root password was the name of the company who sold it.
My first guess! Second time, shelled out of a proprietary binary which
was SUID. Duh. Took about a half hour to find that opening. And there
you have my entire cracking history ... about a half hour of real-time
experience. :)
(Interesting aside: BOTH of these were running proprietary software.
Both of those packages were dreadfully insecure. The one where I guessed
the root password had something like "chmod a+rw /dev/*" in the rc.local
file as shipped by the vendor.)
>>>This is easier as I was thinking...
>>
>>Indeed. Have fun with it.
>
> :-)
>
> I have now been working with Linux for 6 years and 4 months
> (since 2.0.36) and each day I have more fun. :-)
I can relate. You and I started at about the same time. (But my Linux
Counter number is less than half of yours, so there. ;) )
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
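
The update path discussed in this message (a CGI script feeding 'nsupdate', with a UTC timestamp stored in a TXT record), sketched as an added example that is not code from either poster. The zone name, TTL and function name are assumptions; the client-supplied label and address are validated before they reach the nsupdate batch.

```python
import ipaddress
import re
from datetime import datetime, timezone

ZONE = "dyn.example.com"  # assumed zone name, not from the thread
TTL = 60                  # assumed TTL for dynamic records
# A single DNS label: letters, digits, inner hyphens, at most 63 chars.
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def build_nsupdate_batch(host_label, addr, now=None):
    """Return nsupdate input replacing one host's A and TXT records."""
    label = host_label.strip().lower()
    # fullmatch rejects dots, spaces and newlines, so a client cannot
    # name records outside its own label or append nsupdate commands.
    if not LABEL_RE.fullmatch(label):
        raise ValueError("invalid host label")
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    if ip.version != 4:
        raise ValueError("only A records are handled here")
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified:
        raise ValueError("address not acceptable for a dynamic host")
    # UTC string of the update time, stored as the TXT record.
    now = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    stamp = now.strftime("%Y-%m-%dT%H:%M:%SZ")
    fqdn = f"{label}.{ZONE}."
    lines = [
        f"zone {ZONE}",
        f"update delete {fqdn} A",
        f"update delete {fqdn} TXT",
        f"update add {fqdn} {TTL} A {ip}",
        f'update add {fqdn} {TTL} TXT "{stamp}"',
        "send",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input (documentation address range).
    print(build_nsupdate_batch("laptop", "192.0.2.10"), end="")
```

The returned text is meant to be passed to nsupdate on standard input; the source IP and timestamp would still be logged separately, as both posters describe.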