[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Theo Zourzouvillys wrote: > On Wednesday 19 July 2006 20:33, Ben Goodger wrote: >> Sorry Theo, this point is null and void: the site wasn't compromised. >> It was the ISP's DNS server. > > do you know which ISP? They need a good slapping, and i've not heard anyhting > recently in the industry about hacked DNS servers (assuming it was a UK > company). Of course, my bet is they had not kept BIND, djb, or MS dns up to > date. Given it looked like a redirect (http 302) on visiting a wordpress directory of a hosted page, I'd guess it wasn't DNS, but a wordpress vulnerability. But I'm just guessing from the symptoms. I think we need less speculation, and more details. Personally PHP can take the lambasting, it had some really stupid features and libraries, like a mail function with virtually no sanity checking, which would probably have been fine in a language not primarily used for website scripting. Whilst it is easy to blame 'inexperienced developers' for PHP issues, as a language intended for its kind of purpose one would expect core features to provide some protection (or the documentation to say things like the strcpy manual page does for C). Otherwise the inexperienced programmers will only learn by making the same mistakes (not that repeating the same mistakes isn't a core activity for programmers), rather than learn by reading the documentation. Although the idea that languages ought to protect the programmers from messing up big time seems to be an unpopular one amongst many programmers. Many of whom are in denial about the robustness of their own code, me I know my code sucks. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html