8 replies to this topic

[mrdee]

I was reading through the knowledgebase on Xisto earlier, and one thing caught my eye:

It was in the section where they explain which content is not allowed on the hosting, obviously, warez and mailbombing and that are off the list.
But I was very surprised to read the following:

Quote

FormMail.cgi, FormMail.pl from Matt's Script Archive are not allowed.

I assume Trap 17 probably have their reason(s) to ban that content, but has anyone got any idea why?
I used to use those scripts myself in the past:

• On hosting which did not run Server Side apps
  
• Before I had my own software to create forms and all that.

(Never used it on Trap 17, though, I hasten to add).

It looked to me like the script did the job, and I don't think there was anything malicious (spyware, viruses or hacking) involved.
So, I was highly surprised you are not allowed to run those scripts on your Trap 17 sites.
Does anyone know the reason(s) for that?

I am only asking this question out of curiosity.

[rvalkass]

The scripts are now approaching seven years without an update, and as such are very buggy and outdated compared to newer coding standards, and the latest version of Perl. There are replacements from The nms Project available here which claim to be less buggy and better written.

Other than that I'm not sure why they would have been banned, but there are plenty of ways of achieving what those scripts achieved that are allowed at Trap17.

Update
After more reading around, it seems that the scripts from Matt's Script Archive have been banned by a large number of hosts for two main reasons. Firstly they use a large amount of server resources compared to other methods, and that can have an adverse effect on other users if you send a lot of emails. Secondly, being outdated and buggy, spammers can easily use the scripts to send their own spam emails without you knowing, again leading to increased server load and security problems.

[Mordent]

rvalkass, on Jan 6 2009, 05:01 PM, said:

The scripts are now approaching seven years without an update, and as such are very buggy and outdated compared to newer coding standards, and the latest version of Perl. There are replacements from The nms Project available here which claim to be less buggy and better written.

Other than that I'm not sure why they would have been banned, but there are plenty of ways of achieving what those scripts achieved that are allowed at Trap17.

Update
After more reading around, it seems that the scripts from Matt's Script Archive have been banned by a large number of hosts for two main reasons. Firstly they use a large amount of server resources compared to other methods, and that can have an adverse effect on other users if you send a lot of emails. Secondly, being outdated and buggy, spammers can easily use the scripts to send their own spam emails without you knowing, again leading to increased server load and security problems.

I think rvalkass basically hit the nail on the head. As technology has progressed and scripts that are readily available are not updated, people move around them to find exploits that aren't patched up. It makes sense that Xisto wouldn't want their scripts on the system. On the plus side, it certainly encourages you to write your own, which is, to my mind at least, a big bonus. There really isn't anything quite like the feeling you get for finding a script such as the ones you've mentionned that does roughly what you want, then starting from scratch and building up your own clean piece of code. It's also likely going to make your code unique and therefore far less likely to be targetted by people trying to find loopholes in the security settings of sites that use commonly used scripts.

All in all, it's a security thing.

[Saint_Michael]

Well on top of the scripts being outdated and stuff it would seem that many web hosting companies had ban these scripts either because of the resources they take up, the spamming or the hacking of accounts that could be achieve from using these scripts. Which of course rvalkass mentions in his update , but yeah I had asked OpaQue about this awhile back after noticing it myself about those mail scripts.

[ragav.bpl]

I too think the reason is that the script puts a lot of load on server making the server to go down in some exclusive cases. It uses a lot of server resource and rather using it use some new scripts which are more advanced then this crape script

[miladinoski]

Ah, great topic. Just great for asking my question

Banned content on Xisto said:

• UBB (Ultimate Bulletin Board, all versions)
  
• lstmrge.cgi
  
• phpShell

These are those that are 'unusual' for the casual human eye

I want to know what lstmerge.cgi is and why it's with phpShell banned from Xisto. As for UBB, I guess that's because it's old, outdated and not updated anymore and it could bring spamers to it, as rvalkass said for those scripts.

[rpgsearcherz]

I'm not understanding why the "outdated" software would be banned. There are many current programs(phpBB, vbulletin, and many others) that are also exploitable using injection-scripts.

So why ban some and not all? Old doesn't really have anything to do with it.

And in terms of the resource usage...Does this mean that under VPS and/or dedicated servers those things are all okay to use? Considering it's only your resources, not shared ones.


I don't personally, nor have I ever, used scripts like those mentioned as being banned, as I have never had a use. But, regardless, this does interest me as to why the rule is in place to begin with.

[jlhaslip]

All rather nicely explained in the Wikipedia article found here.

Old code, rookie programmer, bound to be some issues in the last 13 years, so Web Hosts don't like them.

[rvalkass]

miladinoski, on Jan 7 2009, 09:20 PM, said:

I want to know what lstmerge.cgi is and why it's with phpShell banned from Xisto.

I'm not sure what lstmerge.cgi is, but it appears to be banned due to using large amounts of server resources and the possibility of causing harm to other accounts (according to other web hosts).

miladinoski, on Jan 7 2009, 09:20 PM, said:

As for UBB, I guess that's because it's old, outdated and not updated anymore and it could bring spamers to it, as rvalkass said for those scripts.

rpgsearcherz, on Jan 7 2009, 11:20 PM, said:

I'm not understanding why the "outdated" software would be banned. There are many current programs(phpBB, vbulletin, and many others) that are also exploitable using injection-scripts.

So why ban some and not all? Old doesn't really have anything to do with it.

Being old, outdated and unmaintained, any security holes that are found will never get fixed, making the script incredibly vulnerable. Not only this, but it used a flat-file system to run itself. With a popular forum, that causes incredible server load, and therefore a detrimental effect on all other accounts hosted on the same server. Now, database-driven forums are much better and less damaging to the server resources.

phpBB, vBulletin, etc. are all currently maintained. Therefore any security holes are found quickly and patches released. This drastically reduces the risk in running one of those forums, as long as you keep it up to date.

rpgsearcherz, on Jan 7 2009, 11:20 PM, said:

And in terms of the resource usage...Does this mean that under VPS and/or dedicated servers those things are all okay to use? Considering it's only your resources, not shared ones.

Not sure actually. If you are interested then feel free to check with support and I'm sure they can help you out.