we got hit with an /iisadmpwd/*.htr bug hack a couple of days ago on a
low-security machine.
"prime suspectz ownz you" hack page.
but i got their ADSL ip number after emailing them with a web bug.
eeediots.
--brendan avery / [EMAIL PROTECTED]
At 03:14 PM 1/11/2001 -0500, you wrote:
>How does one test to see if the problem has been fixed?
>
>Won
>
>-----Original Message-----
>From: Zachary Bedell [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, December 21, 2000 10:47 PM
>To: CF-Talk
>Subject: RE: The +.htr bug strikes again
>
>
> > Someone should probably make an official "checklist"
> > to run through when you set up a CF server.
>
>How about these additions to said checklist:
>
>In addition to removing the .htr mapping, also remove the mappings for any
>other extensions that you won't be using on that server.
>
>Like:
>htw -- unless you're using the WebHits highlighter
>ida, idq, htr, idc -- unless you're using old-style Index Server access
>asp, cer, cdx, asa -- unless you're also hosting ASP apps on that server
>shtm, shtml, stm -- unless you're using Server Side Include files
>printer -- WTF is this and why did IIS install it for Win2k?
>
>You could probably also yank the dbm extension unless you have REALLY old CF
>code lying around.
>
>Basically your goal is to DISABLE any functionality of your server that
>you're not currently using. The less junk you have running on the server,
>the less chance someone will find a bug in part of the server you didn't
>even know was there.
>
>Granted, there's a fine and arcane art to disabling just the right things
>without breaking any part of your server. You'd be best to play on a
>production server that you can afford to trash & reinstall a few times if
>need be. Certainly, though, deleting extensions for file types not used in
>your sites (or your customers' sites for webhosts) is completely safe and a
>good idea in general.
>
>Best regards,
>Zac Bedell
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
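The checklist in Zac's post (drop every script mapping a server doesn't need) and Won's follow-up question (how to confirm the .htr mapping is really gone) can both be turned into a small audit. The script below is an added example, not code from this thread or from anyone on the list. It assumes the ScriptMaps metabase format that adsutil.vbs prints for `GET W3SVC/1/ROOT/ScriptMaps` on IIS 4/5, i.e. one string per mapping of the form `.ext,handler_dll,flags[,verb,...]`; the sample entries, the handler paths in them and the feature names (`webhits`, `index_server`, `asp`, `ssi`, `printer`, `cf_legacy`, `coldfusion`) are constructed for the example.

```python
"""Audit IIS 4/5 script mappings against the features a server actually uses.

Added example, not code from the mailing-list thread. The entries in
SAMPLE_SCRIPTMAPS are constructed; the format ".ext,dll,flags[,verbs...]"
is the ScriptMaps metabase layout shown by adsutil.vbs (assumption: IIS 5).
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Extension groups from the thread, keyed by the feature that needs them.
FEATURE_EXTENSIONS: Dict[str, set] = {
    "webhits": {".htw"},
    "index_server": {".ida", ".idq", ".htr", ".idc"},
    "asp": {".asp", ".cer", ".cdx", ".asa"},
    "ssi": {".shtm", ".shtml", ".stm"},
    "printer": {".printer"},
    "cf_legacy": {".dbm"},
    # Assumed: the ColdFusion server itself needs its own extensions.
    "coldfusion": {".cfm", ".cfml"},
}

# Constructed sample of what a metabase dump might contain.
SAMPLE_SCRIPTMAPS: List[str] = [
    ".asa,C:\\WINNT\\System32\\inetsrv\\asp.dll,1,GET,HEAD,POST,TRACE",
    ".asp,C:\\WINNT\\System32\\inetsrv\\asp.dll,1,GET,HEAD,POST,TRACE",
    ".htr,C:\\WINNT\\System32\\inetsrv\\ism.dll,5,GET,POST",
    ".idc,C:\\WINNT\\System32\\inetsrv\\httpodbc.dll,5,GET,POST",
    ".printer,C:\\WINNT\\System32\\msw3prt.dll,1,GET,POST",
    ".cfm,C:\\CFUSION\\Bin\\iscf.dll,1",
    ".dbm,C:\\CFUSION\\Bin\\iscf.dll,1",
    ".shtml,C:\\WINNT\\System32\\inetsrv\\ssinc.dll,1,GET,POST",
]


@dataclass(frozen=True)
class ScriptMap:
    extension: str
    handler: str
    flags: int
    verbs: Tuple[str, ...]


def parse_script_map(entry: str) -> ScriptMap:
    """Parse one ".ext,dll,flags[,verbs...]" metabase entry."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) < 3:
        raise ValueError(f"malformed ScriptMaps entry: {entry!r}")
    ext = parts[0].lower()
    if not ext.startswith("."):
        raise ValueError(f"extension must start with '.': {entry!r}")
    verbs = tuple(v.upper() for v in parts[3:] if v)
    return ScriptMap(ext, parts[1], int(parts[2]), verbs)


def audit(entries: Iterable[str], features_in_use: Iterable[str]) -> Dict[str, List[str]]:
    """Classify each mapped extension as keep / remove / unknown.

    keep    - needed by a feature the server uses
    remove  - belongs to a feature the thread lists and the server does not use
    unknown - not in the thread's table at all; review by hand before touching
    """
    allowed = set().union(*(FEATURE_EXTENSIONS[f] for f in features_in_use))
    known = set().union(*FEATURE_EXTENSIONS.values())
    result: Dict[str, List[str]] = {"keep": [], "remove": [], "unknown": []}
    for m in map(parse_script_map, entries):
        if m.extension in allowed:
            result["keep"].append(m.extension)
        elif m.extension in known:
            result["remove"].append(m.extension)
        else:
            result["unknown"].append(m.extension)
    return {k: sorted(v) for k, v in result.items()}


def remove_mappings(entries: Iterable[str], extensions: Iterable[str]) -> List[str]:
    """Return the ScriptMaps list with the given extensions dropped."""
    drop = {e.lower() for e in extensions}
    return [e for e in entries if parse_script_map(e).extension not in drop]


def is_mapped(entries: Iterable[str], extension: str) -> bool:
    """The post-fix check: does this extension still have a script mapping?"""
    return any(parse_script_map(e).extension == extension.lower() for e in entries)


if __name__ == "__main__":
    # A CF-only box: everything but the ColdFusion mappings should go.
    report = audit(SAMPLE_SCRIPTMAPS, {"coldfusion"})
    for bucket, exts in report.items():
        print(f"{bucket:8s} {exts}")
    hardened = remove_mappings(SAMPLE_SCRIPTMAPS, report["remove"])
    print(".htr still mapped after cleanup:", is_mapped(hardened, ".htr"))
```

The `is_mapped` check answers the "how do I know it's fixed" question from the mapping list itself rather than from a request to the server: a script map is either present in the metabase or it is not, which is a more reliable signal than interpreting whatever error page IIS returns for a missing `.htr` file. Anything that lands in `unknown` (a mapping the thread's table does not mention) is deliberately left alone so the audit never removes something it cannot classify.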