I probably have my apache server set up somewhat incorrectly for one of my oldest websites. I run a lot of wikis on many websites, and the wikis permit apache cgi clients to rewrite apache owned wiki content under some circumstances.
What is scary is that a couple of my static html files, allegedly unrelated to the wiki, were also rewritten by spammers, no doubt via some of the older wikis (using Kwiki, rather than the newer and more secure MoinMoin). Those static files were incorrectly owned by apache, but still ... I just set all the static files to ownership root. I will learn more about tightening down the restrictions for Kwiki write access ( and eventually migrate all the content to Moin ). But in the interim (without sharing my httpd.conf stuff with all and sundry) are there other ways (besides incorrectly configured wikis) that apache can rewrite static content that incompetents like myself should be aware of? Are there any issues with setting static content to root ownership ( or perhaps to user "foo" ownership ), read only, as long as apache can still read it? Keith -- Keith Lofstrom [email protected] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
