if possible, make the directory +x only, change the filename of
the configuration files and reflect the changes. hmm
--
main(i){putchar(182623909>>(i-1)*5&31|!!(i<7)<<6)&&main(++i);}
[EMAIL PROTECTED] - http://linux.com.sg/~amnesia/
"WinError FFF: Ran out of memory for more error messages."
On Mon, 11 Oct 1999, Alf wrote:
> One thing to add...
> all users on linux.com.sg can view the passwords of admins,etc..
>
> Ur directories can be "cd"ed to and listed and files viewed.
>
>
>
> Elvin
> -
>
> On Mon, 11 Oct 1999, Caleb wrote:
>
> > Date: Mon, 11 Oct 1999 18:13:02 +0800
> > From: Caleb <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
> >
> > I'm not too sure with CGI-Wrap, can somebody help with this?
> > ----- Original Message -----
> > From: Alf <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, October 11, 1999 11:04 AM
> > Subject: Re: [SLP] Re: Ultimate Bulletin Board Ready
> >
> >
> > > Yo !
> > >
> > > > > UBB was quite sloppily written and requires patching and constant
> > > > > monitoring. CGI-Wrapping and 750 solves the problem usually.
> > > > Can you advise us on the patching required and the kind of
> > > > constant monitoring?
> > > 1. Modify the password to be saved to be crypt(x,y)
> > > 2. Move the Members directory out of CGI. (create an outside
> > > directory to store the members files in)
> > > 3. Move all controlpanel.html out of the normal CGI directory)
> > > 4. Install CGI-wrap
> > > 5. Remove 777 and 755s.. 700 should be enuf since it's running as
> > > owners
> > > 6. Monitor via grepping of admin CGIs.
> > > 7. Backups
> > > 8. Quite a few more i'll to remember and post here...
> > >
> > >
> > > Elvin
> > > -
> > >
> > >
> >
>
