
[cobalt-security] Re: RE: SSI Vuln on cobalt



Just out of curiosity, has ANYONE on this list at
least attempted my original suggestion to even see if
it works for you..?? It does for me on my RaQ3's...
But you boys keep beating this dead horse over and
over... Keeping users and ghouls from uploading
.htaccess files to ANY location on the server (via FTP
anyway) is as easy as one directive in your ProFTP
config file.... Just take one moment and at least try
my suggestion with the proftpd.conf file, and you'll
find this is pretty much a no-brainer... 

PathDenyFilter "(\\.ftpaccess)|(\\.htaccess)|(\\.forward)$"

Brett brought up the possibility of someone just
uploading a file with a txt extension then renaming it
back to .htaccess --BUT-- with my tests, that still
won't work if you have this directive in your
proftpd.conf file, ProFTP stops the file from being
created (or renamed).. Big "Forbidden File Name" error
bounces across your screen when attempted..

If you *try* and upload a .htaccess file, you'll get a
"Forbidden File Name" 

--OR-- if you upload the file as a text file then try
and change it back to an .htaccess file name, ProFTP
kicks back "Forbidden File Name" again... 

So the ghouls and evil doers aren't going to be doing
much of notta with .htaccess files with this directive
in your ProFTP config file..  Just give it a try... 
;-)

Babs..
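
Added example, not part of the original post and not ProFTPD code: a small Python check that reads the PathDenyFilter pattern out of a proftpd.conf and reports which target paths it would refuse, covering the direct upload and the upload-then-rename cases described above. It assumes a backslash inside the quoted argument escapes the next character, that the filter is applied to the path a STOR or RNTO would create, and that Python's re module behaves like the server's POSIX extended regex for this pattern; the config text and paths are constructed samples.

```python
import re

# Constructed sample config; only the PathDenyFilter line is from the post.
SAMPLE_CONF = r'''
ServerName "example"
<Global>
  PathDenyFilter "(\\.ftpaccess)|(\\.htaccess)|(\\.forward)$"
</Global>
'''

# Matches: PathDenyFilter "<quoted argument, backslash escapes allowed>"
DIRECTIVE = re.compile(r'^\s*PathDenyFilter\s+"((?:[^"\\]|\\.)*)"', re.I | re.M)

# Constructed FTP attempts: (command, path the command would create).
WEB = "/home/sites/example/web"
ATTEMPTS = [
    ("STOR", WEB + "/.htaccess"),      # direct upload
    ("STOR", WEB + "/htaccess.txt"),   # upload under a harmless name
    ("RNTO", WEB + "/.htaccess"),      # rename target of that upload
    ("STOR", WEB + "/.htaccess.bak"),  # first two alternatives are unanchored
    ("STOR", WEB + "/.forward.old"),   # "$" binds only to the last alternative
]


def load_filters(conf_text):
    """Compile every PathDenyFilter pattern found in the config text."""
    filters = []
    for m in DIRECTIVE.finditer(conf_text):
        # Assumption: "\\." in the quoted argument reaches the regex as \.
        pattern = re.sub(r'\\(.)', r'\1', m.group(1))
        filters.append(re.compile(pattern))
    return filters


def audit(conf_text, attempts):
    """Return (command, path, denied) for each attempted target path."""
    filters = load_filters(conf_text)
    return [(cmd, path, any(f.search(path) for f in filters))
            for cmd, path in attempts]


if __name__ == "__main__":
    for cmd, path, denied in audit(SAMPLE_CONF, ATTEMPTS):
        verdict = "Forbidden File Name" if denied else "allowed"
        print(f"{cmd} {path}: {verdict}")
```

The last two sample paths show how the pattern groups: only `.forward` is tied to the end of the name, so `.htaccess.bak` is refused as well while `.forward.old` is not.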
