Stuart Low wrote:
PHP as a CGI also requires users (read, typically, morons) to add a
shebang line to their scripts.
No, it doesn't. Set up a handler of the PHP files, so it'll get called
based on file extension just like the users expect.
Snipped from one of our vhosts:
ScriptAlias
Hi All
Thanks you all for helping me to fix the problem. The user removed the old
version of phpBB and will upgrade it later.
Thanks
Mathew
>>> [EMAIL PROTECTED] 9/05/05 13:48:43 >>>
That's the key right there. You probably need to think of multiple
approaches to securing the files (suexec, c
- Original Message -
From: "Stuart Low" <[EMAIL PROTECTED]>
To:
Sent: Monday, May 09, 2005 4:37 AM
Subject: RE: [EMAIL PROTECTED] Hacked the website replace the index.hm page
> Heya,
>
> PHP as a CGI also requires users (read, typically, morons) to add a
> s
That's the key right there. You probably need to think of multiple
approaches to securing the files (suexec, cgiwrappers, php level tweaks,
etc).
This is the one place where *nix and apache fall a hair short. What
would be nice would be the ability to assign user level settings to each
virtual
ue open_basedir "/tmp:
> >/home/whateveruser/html:
> >/usr/local/horde:
> >/usr/local/lib"
> >
> >This might help, but it won't hurt!
> >
> > > - Original Message -
> > > From: "Mathew Thomas" <[EMAIL PROTECTED
admin_value open_basedir "/tmp:
> >/home/whateveruser/html:
> >/usr/local/horde:
> >/usr/local/lib"
> >
> >This might help, but it won't hurt!
> >
> > > - Original Message -
> > > From: "Mathew Thomas" <[EMAIL P
t help, but it won't hurt!
> - Original Message -
> From: "Mathew Thomas" <[EMAIL PROTECTED]>
> To:
> Sent: Sunday, May 08, 2005 8:23 PM
> Subject: Re: [EMAIL PROTECTED] Hacked the website replace the index.hm
page
>
>
> Hi Tim,
>
> Could you please
uot; <[EMAIL PROTECTED]>
> To:
> Sent: Sunday, May 08, 2005 8:23 PM
> Subject: Re: [EMAIL PROTECTED] Hacked the website replace the index.hm
page
>
>
> Hi Tim,
>
> Could you please explain it bit more. There is no connection between
the
> hacked website and phpBB
ed are not using PHP,mysql or ssl.
Thanks
Mathew
>>> [EMAIL PROTECTED] 9/05/05 8:56:04 >>>
We'll probably need more details. You running phpBB anywhere?
----- Original Message -
From: "Mathew Thomas" <[EMAIL PROTECTED]>
To:
Sent: Sunday, May 08, 20
>
If you google admin_styles.php you'll find it's a known phpBB hack.
Update, replace, or disable the phpBB boards and change all passwords.
- Original Message -
From: "Mathew Thomas" <[EMAIL PROTECTED]>
To:
Sent: Sunday, May 08, 2005 8:00 PM
Subject: Re: [EMAIL PROTECTED]
ECTED] 9/05/05 8:56:04 >>>
We'll probably need more details. You running phpBB anywhere?
- Original Message -
From: "Mathew Thomas" <[EMAIL PROTECTED]>
To:
Sent: Sunday, May 08, 2005 6:49 PM
Subject: [EMAIL PROTECTED] Hacked the website replace the index.hm page
-
From: "Mathew Thomas" <[EMAIL PROTECTED]>
To:
Sent: Sunday, May 08, 2005 7:15 PM
Subject: Re: [EMAIL PROTECTED] Hacked the website replace the index.hm page
Hi Tim,
Thanks for the reply. Yes, couple of virtual hosts are running phpPBB. The
website which have been hacked a
Hi All,
We are running apache_1.3.32 with mod_ssl, mySQL and PHP. OS is Solaris 9.
Apache is running with
User httpd
Group http
Most of the Documentroot is owned by httpd.( There are several virtualhost
running on this server)
its-wu-web:departments# ps -ef | grep http
httpd 18168 24970
13 matches
Mail list logo
