xisto Community
mrdee

Forbidden Content On Trap 17 Hosting


I was reading through the knowledgebase on Xisto earlier, and one thing caught my eye:

 

It was in the section where they explain which content is not allowed on the hosting, obviously, warez and mailbombing and that are off the list.

But I was very surprised to read the following:

FormMail.cgi, FormMail.pl from Matt's Script Archive are not allowed.

I assume Trap 17 probably have their reason(s) to ban that content, but has anyone got any idea why?

I used to use those scripts myself in the past:

 

On hosting which did not run Server Side apps

Before I had my own software to create forms and all that.


(Never used it on Trap 17, though, I hasten to add).

 

It looked to me like the script did the job, and I don't think there was anything malicious (spyware, viruses or hacking) involved.

So, I was highly surprised you are not allowed to run those scripts on your Trap 17 sites.

Does anyone know the reason(s) for that?

 

I am only asking this question out of curiosity.


The scripts are now approaching seven years without an update, and as such are very buggy and outdated compared to newer coding standards, and the latest version of Perl. There are replacements from The nms Project available here which claim to be less buggy and better written.

 

Other than that I'm not sure why they would have been banned, but there are plenty of ways of achieving what those scripts achieved that are allowed at Xisto.

 

Update

After more reading around, it seems that the scripts from Matt's Script Archive have been banned by a large number of hosts for two main reasons. Firstly they use a large amount of server resources compared to other methods, and that can have an adverse effect on other users if you send a lot of emails. Secondly, being outdated and buggy, spammers can easily use the scripts to send their own spam emails without you knowing, again leading to increased server load and security problems.



I think rvalkass basically hit the nail on the head. As technology has progressed and scripts that are readily available are not updated, people move around them to find exploits that aren't patched up. It makes sense that Xisto wouldn't want their scripts on the system. On the plus side, it certainly encourages you to write your own, which is, to my mind at least, a big bonus. There really isn't anything quite like the feeling you get for finding a script such as the ones you've mentioned that does roughly what you want, then starting from scratch and building up your own clean piece of code. It's also likely going to make your code unique and therefore far less likely to be targeted by people trying to find loopholes in the security settings of sites that use commonly used scripts.

 

All in all, it's a security thing. :P


Well, on top of the scripts being outdated and stuff, it would seem that many web hosting companies had banned these scripts either because of the resources they take up, the spamming or the hacking of accounts that could be achieved from using these scripts. Which of course rvalkass mentions in his update :P, but yeah, I had asked OpaQue about this a while back after noticing it myself about those mail scripts.


I too think the reason is that the script puts a lot of load on the server, making the server go down in some exclusive cases. It uses a lot of server resources, and rather than using it, use some new scripts which are more advanced than this crap script.


Ah, great topic. Just great for asking my question :P

UBB (Ultimate Bulletin Board, all versions)

lstmrge.cgi

phpShell

These are those that are 'unusual' for the casual human eye :P

 

I want to know what lstmerge.cgi is and why it's with phpShell banned from Xisto. As for UBB, I guess that's because it's old, outdated and not updated anymore and it could bring spammers to it, as rvalkass said for those scripts.


I'm not understanding why the "outdated" software would be banned. There are many current programs (phpBB, vbulletin, and many others) that are also exploitable using injection-scripts. So why ban some and not all? Old doesn't really have anything to do with it. And in terms of the resource usage... Does this mean that under VPS and/or dedicated servers those things are all okay to use? Considering it's only your resources, not shared ones. I don't personally, nor have I ever, used scripts like those mentioned as being banned, as I have never had a use. But, regardless, this does interest me as to why the rule is in place to begin with.


All rather nicely explained in the Wikipedia article found here.

Old code, rookie programmer, bound to be some issues in the last 13 years, so Web Hosts don't like them.


I want to know what lstmerge.cgi is and why it's with phpShell banned from Xisto.

I'm not sure what lstmerge.cgi is, but it appears to be banned due to using large amounts of server resources and the possibility of causing harm to other accounts (according to other web hosts).

 

As for UBB, I guess that's because it's old, outdated and not updated anymore and it could bring spammers to it, as rvalkass said for those scripts.

I'm not understanding why the "outdated" software would be banned. There are many current programs (phpBB, vbulletin, and many others) that are also exploitable using injection-scripts.

 

So why ban some and not all? Old doesn't really have anything to do with it.


Being old, outdated and unmaintained, any security holes that are found will never get fixed, making the script incredibly vulnerable. Not only this, but it used a flat-file system to run itself. With a popular forum, that causes incredible server load, and therefore a detrimental effect on all other accounts hosted on the same server. Now, database-driven forums are much better and less damaging to the server resources.

 

phpBB, vBulletin, etc. are all currently maintained. Therefore any security holes are found quickly and patches released. This drastically reduces the risk in running one of those forums, as long as you keep it up to date.

 

And in terms of the resource usage... Does this mean that under VPS and/or dedicated servers those things are all okay to use? Considering it's only your resources, not shared ones.

Not sure actually. If you are interested then feel free to check with support and I'm sure they can help you out.
