Date: Thu, 13 Aug 2020 12:19:29 -0700 From: "Jack L." <xxjack12xx@gmail.com> To: Aryeh Friedman <aryeh.friedman@gmail.com> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end Message-ID: <CALeGphwLmxHk_YsYbBUQM8LTAOM1BxMoeAWqbmcTjcb41_AzwA@mail.gmail.com> In-Reply-To: <CAGBxaX=CXbZq-k6=udNaXTj2m%2BgnpDCB%2Bui4wgvtrzyHhjGeSw@mail.gmail.com> References: <CAGBxaXmg0DGSEYtWBZcbmQbqc2vZFtpHrmW68txBck0nKJak=w@mail.gmail.com> <CAGBxaX=XbbFLyZm5-BO=6jCCrU%2BV%2BjubxAkTMYKnZZZq=XK50A@mail.gmail.com> <CALeGphwfr7j-xgSwMdiXeVxUPOP-Wb8WFs95tT_%2Ba8jig_Skxw@mail.gmail.com> <CAGBxaX=CXbZq-k6=udNaXTj2m%2BgnpDCB%2Bui4wgvtrzyHhjGeSw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Time to run a web shell and show them how vulnerable port 80 is. On Thu, Aug 13, 2020 at 12:07 PM Aryeh Friedman <aryeh.friedman@gmail.com> wrote: > > > > On Thu, Aug 13, 2020 at 3:04 PM Jack L. <xxjack12xx@gmail.com> wrote: >> >> Just change the ssh/rdp ports? >> > > All ports except 80 and 25 are firewalled > > >> >> On Thu, Aug 13, 2020 at 11:59 AM Aryeh Friedman >> <aryeh.friedman@gmail.com> wrote: >> > >> > Forgot to ask how common is such idiocy? And is it becoming more common? >> > >> > On Thu, Aug 13, 2020 at 2:56 PM Aryeh Friedman <aryeh.friedman@gmail.com> >> > wrote: >> > >> > > The hosting company for one of our clients sent the following reply to >> > > us/them when we asked them to setup end user accounts on a dedicated >> > > Windows Server, FreeBSD box and CentOS box (all VM's on the same physical >> > > machine with no other VM's on the physical machine) and being told we >> > > needed scriptable access (not web based non-scriptable) to the windows >> > > desktop and shell accounts (including the ability to sudo) and they agreed >> > > to provide it: >> > > >> > > "[Insert client name here], we do not allow RDP or SSH into our >> > > datacenter. They are the primary vehicles for ransomware and cryptolocker >> > > breaches. We utilize a secure access portal with multi-factor >> > > authentication to ensure you don't get breached." >> > > >> > > I kind of understand RDP (but we have had bad luck with VNC on the same >> > > hosting provider in the past so we prefer RDP), but SSH!?!?!?!?! Their >> > > idea of a "two factor" authentication is each connection will only be >> > > allowed via a web portal and must use a one-time password sent the users >> > > smartphone. Not only does this make automated deploy impossible it is a >> > > complete show stopper since our service is IoT and uses its own custom >> > > protocol. >> > > >> > > So how do we/the client tell the hosting company they are full of sh*t >> > > (the client has a 3 year contract with a pay in full to break clause with >> > > them which would be over $100k to break) >> > > >> > > -- >> > > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org >> > > >> > >> > >> > -- >> > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org >> > _______________________________________________ >> > freebsd-questions@freebsd.org mailing list >> > https://lists.freebsd.org/mailman/listinfo/freebsd-questions >> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > > -- > Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALeGphwLmxHk_YsYbBUQM8LTAOM1BxMoeAWqbmcTjcb41_AzwA>