On Sat, 2008-10-11 at 21:55 +0800, [EMAIL PROTECTED] wrote: > Hello David, > > Saturday, October 11, 2008, 9:42:46 PM, you wrote: > > > [EMAIL PROTECTED] wrote: > >> I checked my test system also and when I do a directory the /xml > >> folder, it shows me the content of the folder which is yet another > >> outcome unexpected. > >> > > > There is a setting in the Apache config that prevents the listing of > > directories. In a production system that should be always turned off. > > Also, IIRC you can specify the name of the access file in the config as > > well, > > so it may not always be .htaccess, but I cannot think of any plausible > > reason > > to change that. But that may be worthwhile to check out. > > > Oh, and at your earliest convenience change the hosting company. If they > > cannot tell you how such a takeover happened then I wonder what they charge > > you money for. Anyone with a PC can do that type of hosting...
> HA! My thoughts exactly. I was blown away when they suggested my > scripts without ever checking their log files... Unbelievable! I > thought it was a nobrainer to track such a blatant intrusion > especially when the time frame of when the breach occurred is known > almost to the second. > i have to also +1 the new host thing.. ASAP -- Dan Horning American Digital Services - Where you are only limited by imagination. direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133 [EMAIL PROTECTED] http://www.americandigitalservices.com _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
