clearguy Posted November 15, 2006

Hi,

I'm wondering if TCP can permit hacking. I'm sure when I'm using a server with a simple, not 'secured' script someone could hack me, couldn't they?

I wrote a server that checks login credentials, and when the password or login is incorrect, the client doesn't get a 'connection'. But in fact only the variable which got TCPAccept(...) becomes equal to -1. I'm worried about that TCP connection which was accepted: is it still active? Can someone intrude into my computer using this open port?

Server is from this topic => http://www.autoitscript.com/forum/index.ph...c=35037&hl=

I've never met anyone who codes binary.
StringMultiInsert() | SOW Encrypt | French autoit forum - forum français
lod3n Posted November 15, 2006

Open ports are what make networks work, so don't be fearful of them.

Hacking through a port requires an understanding of what's listening and acting on the other side. If you know that the application listening to that port can be tricked into running arbitrary code by, say, overflowing its buffers with a particular set of characters, then you can hack it.

Therefore, if you are very worried about someone compromising your server, develop some very strict rules about what kind of input gets processed, and what kind gets ignored. If you're worried about inherent buffer overflow vulnerabilities in AutoIt (if any), trim the input down to a minimum size. Use regex to validate the input, so only A-Z, a-z and 0-9 get processed. Only accept connections from a range of IPs you deem safe. Log connections and what they are doing, and by god, review and understand those logs.

You get the idea.

All of my AutoIt Example Scripts
http://saneasylum.com
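The tips in the post above combined into one AutoIt accept loop, as an added example that is not part of lod3n's post or of the server from the linked topic: it allows only a range of IPs, caps the read size, validates with a regex, logs each decision, and closes the accepted socket either way. The port, address prefix, log file name, size cap and timeout are assumed values, and the peer address is read with Winsock's getpeername through DllCall.

```autoit
; Added example. Port 5000, the address prefix, log file, cap and timeout are assumed values.
Global Const $MAX_LEN = 32                     ; longest input accepted
Global Const $ALLOWED_PREFIX = "192.168.1."    ; assumed range of safe clients
Global Const $LOG_FILE = @ScriptDir & "\server.log"
Global $hClient, $sIP, $sInput
TCPStartup()
Global $hListen = TCPListen("0.0.0.0", 5000)
If $hListen = -1 Then Exit 1
While 1
    $hClient = TCPAccept($hListen)
    If $hClient = -1 Then
        Sleep(50)
        ContinueLoop
    EndIf
    $sIP = _PeerIP($hClient)
    If StringLeft($sIP, StringLen($ALLOWED_PREFIX)) <> $ALLOWED_PREFIX Then
        _Log($sIP, "rejected: address outside allowed range")
    Else
        $sInput = _ReadInput($hClient, 3000)
        ; The whole string must be 1..$MAX_LEN characters from A-Z, a-z, 0-9.
        If StringRegExp($sInput, "\A[A-Za-z0-9]{1," & $MAX_LEN & "}\z") Then
            _Log($sIP, "accepted: " & StringLen($sInput) & " chars")
        Else
            _Log($sIP, "rejected: input failed validation")
        EndIf
    EndIf
    TCPCloseSocket($hClient) ; an accepted socket stays open until it is closed
WEnd

Func _ReadInput($hSock, $iTimeoutMs) ; TCPRecv does not block, so poll for data
    Local $hTimer = TimerInit(), $sData = ""
    Do
        Sleep(10)
        $sData = TCPRecv($hSock, $MAX_LEN + 2) ; capped read: input plus CRLF
    Until @error Or $sData <> "" Or TimerDiff($hTimer) > $iTimeoutMs
    Return StringRegExpReplace($sData, "\r?\n\z", "") ; drop one line ending
EndFunc
Func _PeerIP($hSock) ; returns 0 on failure, which the prefix check rejects
    Local $tAddr = DllStructCreate("short;ushort;uint;char[8]")
    Local $aRet = DllCall("Ws2_32.dll", "int", "getpeername", "int", $hSock, _
            "ptr", DllStructGetPtr($tAddr), "int*", DllStructGetSize($tAddr))
    If @error Or $aRet[0] <> 0 Then Return 0
    $aRet = DllCall("Ws2_32.dll", "str", "inet_ntoa", "int", DllStructGetData($tAddr, 3))
    If @error Then Return 0
    Return $aRet[0]
EndFunc
Func _Log($sPeer, $sMsg) ; one line per decision; the input itself is never written
    FileWriteLine($LOG_FILE, @YEAR & "-" & @MON & "-" & @MDAY & " " & @HOUR & ":" & @MIN & ":" & @SEC & " " & $sPeer & " " & $sMsg)
EndFunc
```

The login check itself would go in the accepted branch; a single capped TCPRecv keeps the example short, so input split across several packets is rejected rather than reassembled.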
clearguy (Author) Posted November 15, 2006

I know now how to protect my server with your useful tips, thanks.