hacked?

Harold Hallikainen harold at hallikainen.com
Wed Apr 11 04:16:54 UTC 2007


> On Mon, 2007-04-09 at 20:39 -0600, Karl Pearson wrote:
>> On Mon, April 9, 2007 12:26 pm, Rick Stevens wrote:
> <snip>
>> >> It seems like I always have to depend on someone to secure the machines to
>> >> some extent, whether it's the OS writers, the app writers, or whatever. But,
>> >> I'll do my best (and, yes, I am learning!).
>> >>
>> >> In the .htaccess, it seems that send-as-is *.pdf would not get around this
>> >> problem, since the hacker put in something called 100.php.3 . But, could I
>> >> put in send-as-is * and just have EVERYTHING sent as is, nothing
>> >> interpreted?
>> >
>> > Yes, that would do it.  And make sure you do that ESPECIALLY in the
>> > upload directory.
>>
>> Doesn't that prevent index.cgi type files from working correctly?
>
> Yes, it will.  But in an upload directory, who cares?  You don't want
> people snooping around in there anyway, do you?  I don't.
>
> In my world, upload directories are quarantined...you can't look into
> them, know what's in them and you can't download from them...UNTIL I
> look them over and move them to a non-quarantined area.  I also don't
> permit CGI scripts of ANY kind to run anywhere on my systems until I've
> checked them and given them a clean bill of health.
>

Hmmm. I put this in my upload directory as test.php.3:
<?php
echo("Hello Test");
?>out of php


and this in my .htaccess:
Options +Indexes
DirectoryIndex ../index.php?pagename=UpLoad
AddHandler send-as-is *


and Apache is interpreting the php (sending me Hello Test instead of the
php source). Did I get something wrong in the AddHandler line?

I also tried SetHandler send-as-is . Then, it appeared nothing was sent.
My pdf files were corrupted. The php.3 showed up empty, including looking
in the source window.

Ideas?

THANKS!

Harold



-- 
FCC Rules Updated Daily at http://www.hallikainen.com - Advertising
opportunities available!
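
Added example (not part of the original message): a simplified Python model of how Apache 2.x mod_mime looks up handlers by filename extension. It shows why test.php.3 is still given to PHP and why "AddHandler send-as-is *" changes nothing, since "*" is stored as a literal extension. The handler name php-script and the file list are constructed for illustration.

```python
# Simplified model of how Apache 2.x mod_mime picks a handler from a filename.
# Assumption: the handler table below is constructed for illustration and
# stands in for the server's real AddHandler lines.
import os


def handler_for(filename, handlers):
    """Return the handler mod_mime would assign, or None.

    Every dot-separated part after the base name is an extension. Each is
    looked up literally (case-insensitive, leading dot optional) and the
    rightmost one that has a mapping wins. There is no wildcard matching.
    """
    table = {ext.lstrip(".").lower(): h for ext, h in handlers.items()}
    chosen = None
    for ext in os.path.basename(filename).split(".")[1:]:
        chosen = table.get(ext.lower(), chosen)
    return chosen


def risky_uploads(names, handlers, passive=("send-as-is",)):
    """List uploaded names that would be handed to an active handler."""
    flagged = []
    for name in names:
        handler = handler_for(name, handlers)
        if handler is not None and handler not in passive:
            flagged.append((name, handler))
    return flagged


# Constructed sample: a server-wide PHP mapping (placeholder handler name)
# plus the .htaccess line from the message, "AddHandler send-as-is *".
HANDLERS = {".php": "php-script", "*": "send-as-is"}
UPLOADS = ["report.pdf", "test.php.3", "100.php.3", "notes.txt", "x.PHP"]

if __name__ == "__main__":
    for name, handler in risky_uploads(UPLOADS, HANDLERS):
        print(f"{name}: handled by {handler}")
```

Running the same check over a real upload directory listing flags any name that carries a script extension anywhere after the first dot, not only at the end.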



