On 03/21/2011 03:28 AM, aaron...@comcast.net wrote:
If a PHP Shell can be uploaded. http://phpshell.sourceforge.net/ Then
any thing www-data can do so can the shell user, As stated in my post
about virtual hosts seeing each others document roots.
If you post the root password on your website, then anybody can bring
the machine down.
It's not very useful to do so, however.
----- Original Message -----
From: "ASAI" <a...@globalchangemusic.org>
To: users@httpd.apache.org
Sent: Saturday, March 19, 2011 6:09:51 PM
Subject: [users@httpd] Directories Being Probed Even When Index
Listing Denied
Greetings,
I am hosting a domain with no website which is a gateway for several
applications. Directory indexes are turned off, however I noticed in
the logs today that one the directories which has no reference to the
outside world was probed. Is it possible that one can get the directory
listing of a host even when index listing is turned off through some
other agency?
How do I guard against things like this?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
--
J.
