Hello David, Saturday, October 11, 2008, 9:42:46 PM, you wrote:
> [EMAIL PROTECTED] wrote: >> I checked my test system also and when I do a directory the /xml >> folder, it shows me the content of the folder which is yet another >> outcome unexpected. >> > There is a setting in the Apache config that prevents the listing of > directories. In a production system that should be always turned off. > Also, IIRC you can specify the name of the access file in the config as well, > so it may not always be .htaccess, but I cannot think of any plausible reason > to change that. But that may be worthwhile to check out. > Oh, and at your earliest convenience change the hosting company. If they > cannot tell you how such a takeover happened then I wonder what they charge > you money for. Anyone with a PC can do that type of hosting... > David > _______________________________________________ > New York PHP Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php > __________ Information from ESET Smart Security, version of virus > signature database 3514 (20081011) __________ > The message was checked by ESET Smart Security. > http://www.eset.com HA! My thoughts exactly. I was blown away when they suggested my scripts without ever checking their log files... Unbelievable! I thought it was a nobrainer to track such a blatant intrusion especially when the time frame of when the breach occurred is known almost to the second. -- Best regards, mikesz mailto:[EMAIL PROTECTED] _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
