hacked?
Harold Hallikainen
harold at hallikainen.com
Wed Apr 11 04:16:54 UTC 2007
> On Mon, 2007-04-09 at 20:39 -0600, Karl Pearson wrote:
>> On Mon, April 9, 2007 12:26 pm, Rick Stevens wrote:
> <snip>
>> >> It seems like I always have to depend on someone to secure the
>> machines to
>> >> some extent, whther it's the OS writers, the ap writers, or whatever.
>> But,
>> >> I'll do my best (and, yes, I am learning!).
>> >>
>> >> In the .htaccess, it seems that send-as-is *.pdf would not get around
>> this
>> >> problem, since the hacker put in something called 100.php.3 . But,
>> could I
>> >> put in send-as-is * and just have EVERYTHING sent as is, nothing
>> >> interpreted?
>> >
>> > Yes, that would do it. And make sure you do that ESPECIALLY in the
>> > upload directory.
>>
>> Doesn't that prevent index.cgi type files from working correctly?
>
> Yes, it will. But in an upload directory, who cares? You don't want
> people snooping around in there anyway, do you? I don't.
>
> In my world, upload directories are quarantined...you can't look into
> them, know what's in them and you can't download from them...UNTIL I
> look them over and move them to a non-quarantined area. I also don't
> permit CGI scripts of ANY kind to run anywhere on my systems until I've
> checked them and given them a clean bill of health.
>
Hmmm. I put this in my upload directory as test.php.3:
<?php
echo("Hello Test");
?>out of php
and this in my .htaccess:
Options +Indexes
DirectoryIndex ../index.php?pagename=UpLoad
AddHandler send-as-is *
and Apache is interpreting the php (sending me Hello Test instead of the
php source). Did I get something wrong in the AddHandler line?
I also tried SetHandler send-as-is . Then, it appeared nothing was sent.
My pdf files were corrupted. The php.3 showed up empty, including looking
in the source window.
Ideas?
THANKS!
Harold
--
FCC Rules Updated Daily at http://www.hallikainen.com - Advertising
opportunities available!
More information about the Redhat-install-list
mailing list