File System Object

IaninDubai · #1 (**permalink**) 21-06-11, 12:27 PM

I have read many threads in this, and your sister site, concerning the recent attacks on your servers. I understand the concerns you have about securty and why you have disabled FSO on your shared servers.
I have two questions: the first is, being one of the few sites that still have an extensive classic ASP content that is making use of FSO I have no way to change the script in my site to make it work without FSO. Will there be a patch to overcome this loophole?
My second question is why there is so little information about this problem on the Internet. Is it really the FP extensions and FSO that are allowing the attacks or are the attacks penetrating deeper?
At present I share hosting with a group of similar sites which makes our sites affordable. As a non-profit making organisation (a genuine .org.uk), we cannot justify the cost of moving to a VPS or similar option.
What other options are available to a classic ASP site using FSO?
I have a similar site hosted by another provider that works fine.... now! But I'm not so niaive as to think it won't be the next server to have FSO disabled so a move to that server is not first on my mind.

**sysadmin** · #2 (**permalink**) 21-06-11, 04:56 PM

Quote:

Originally Posted by IaninDubai

I have read many threads in this, and your sister site, concerning the recent attacks on your servers. I understand the concerns you have about securty and why you have disabled FSO on your shared servers.
I have two questions: the first is, being one of the few sites that still have an extensive classic ASP content that is making use of FSO I have no way to change the script in my site to make it work without FSO. Will there be a patch to overcome this loophole?
My second question is why there is so little information about this problem on the Internet. Is it really the FP extensions and FSO that are allowing the attacks or are the attacks penetrating deeper?
At present I share hosting with a group of similar sites which makes our sites affordable. As a non-profit making organisation (a genuine .org.uk), we cannot justify the cost of moving to a VPS or similar option.
What other options are available to a classic ASP site using FSO?
I have a similar site hosted by another provider that works fine.... now! But I'm not so niaive as to think it won't be the next server to have FSO disabled so a move to that server is not first on my mind.

FSO has been disabled for security concerns & it won't be enabled on the shared hosting servers in any circumstances, as this might lead to several other webistes getting compromised. Please either change the code to use ASP.Net, as ASP.NET doesn't use FSO. Or upgrade the package to a Windows VPS. I'd recommend changing the code as leaving the component enabled anywhere will cause problems sooner or later..