Anyway, it's good to see your ISP has some clue.

I'd be mighty pissed if I was using the ISP's hosting service, and connection to my site was seriously disrupted because of what happened with some other site.

Abigail

I didn't say they had much clue, but some ;) But yes, you are right. They should have looked at the issue before they implemented it. Especially since is known for ages that these scripts can be exploited by evil spammers.
--
B10m

I really don't want to put words in Abigail-II's mouth, so I'll add my own. ;) I think that the point is that an ISP who allows its users to install CGI scripts from any source (including self-developed / written) without first reviewing the script is exposing themselves (and their clients) to security risks.

Today it may have been Matt's script. But how many times have we seen security-hole ridden code posted here along with questions, by folks other than Matt Wright? It happens all the time, and one can only assume that such code eventually finds its way onto some unsuspecting ISP's system. And for every example we see here, there are thousands that never are seen by anyone aside from the script-kiddie (or sub-par professional) who wrote them, until the damage is done.

Any ISP who allows user-written and user-installed scripts onto its servers without prior review (a time-consuming and costly process), or without operating it in an environment that prohibits it from bad behavior, probably has serious breeches lurking, that may be found eventually.

This is an unfortunate situation; a few bad apples ruin it for everyone. A substantial portion of ISP's have stopped allowing just anybody to post CGI scripts. This is a step in the right direction for security, and a step backward for the hobbiest, even if he/she produces secure code.




Dave