OT: Dealing with a hosting company with its head up its rear end

Jack L. xxjack12xx at gmail.com
Thu Aug 13 19:20:08 UTC 2020


Time to run a web shell and show them how vulnerable port 80 is.

On Thu, Aug 13, 2020 at 12:07 PM Aryeh Friedman
<aryeh.friedman at gmail.com> wrote:
>
>
>
> On Thu, Aug 13, 2020 at 3:04 PM Jack L. <xxjack12xx at gmail.com> wrote:
>>
>> Just change the ssh/rdp ports?
>>
>
> All ports except 80 and 25 are firewalled
>
>
>>
>> On Thu, Aug 13, 2020 at 11:59 AM Aryeh Friedman
>> <aryeh.friedman at gmail.com> wrote:
>> >
>> > Forgot to ask how common is such idiocy?  And is it becoming more common?
>> >
>> > On Thu, Aug 13, 2020 at 2:56 PM Aryeh Friedman <aryeh.friedman at gmail.com>
>> > wrote:
>> >
>> > > The hosting company for one of our clients sent the following reply to
>> > > us/them when we asked them to set up end user accounts on a dedicated
>> > > Windows Server, FreeBSD box and CentOS box (all VMs on the same physical
>> > > machine with no other VMs on the physical machine) and being told we
>> > > needed scriptable access (not web based non-scriptable) to the Windows
>> > > desktop and shell accounts (including the ability to sudo) and they agreed
>> > > to provide it:
>> > >
>> > > "[Insert client name here], we do not allow RDP or SSH into our
>> > > datacenter. They are the primary vehicles for ransomware and cryptolocker
>> > > breaches. We utilize a secure access portal with multi-factor
>> > > authentication to ensure you don't get breached."
>> > >
>> > > I kind of understand RDP (but we have had bad luck with VNC on the same
>> > > hosting provider in the past so we prefer RDP), but SSH!?!?!?!?!    Their
>> > > idea of a "two factor" authentication is each connection will only be
>> > > allowed via a web portal and must use a one-time password sent to the user's
>> > > smartphone.  Not only does this make automated deploy impossible, it is a
>> > > complete show stopper since our service is IoT and uses its own custom
>> > > protocol.
>> > >
>> > > So how do we/the client tell the hosting company they are full of sh*t
>> > > (the client has a 3-year contract with a pay-in-full-to-break clause with
>> > > them which would be over $100k to break)?
>> > >
>> > > --
>> > > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
>> > >
>> >
>> >
>> > --
>> > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
>> > _______________________________________________
>> > freebsd-questions at freebsd.org mailing list
>> > https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>
>
> --
> Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
