You coulda just checked your logs and found their IP address that way too.
--=@ greg @=--
----- Original Message -----
From: "Brendan Avery" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, January 11, 2001 3:33 PM
Subject: RE: The +.htr bug strikes again
> we got hit with an /iisadmpwd/*.htr bug hack a couple of days ago on a
> low-security machine.
>
> "prime suspectz ownz you" hack page.
>
> but i got their ADSL ip number after emailing them with a web bug.
>
> eeediots.
>
> --brendan avery / [EMAIL PROTECTED]
>
> At 03:14 PM 1/11/2001 -0500, you wrote:
> >How does one test to see if the problem has been fixed?
> >
> >Won
> >
> >-----Original Message-----
> >From: Zachary Bedell [mailto:[EMAIL PROTECTED]]
> >Sent: Thursday, December 21, 2000 10:47 PM
> >To: CF-Talk
> >Subject: RE: The +.htr bug strikes again
> >
> >
> > > Someone should probably make an official "checklist"
> > > to run through when you set up a CF server.
> >
> >How about these additions to said checklist:
> >
> >In addition to removing the .htr mapping, also remove the mappings for any
> >other extensions that you won't be using on that server.
> >
> >Like:
> >htw -- unless you're using the WebHits highlighter
> >ida, idq, htr, idc -- unless you're using old-style Index Server access
> >asp, cer, cdx, asa -- unless you're also hosting ASP apps on that server
> >shtm, shtml, stm -- unless you're using Server Side Include files
> >printer -- WTF is this and why did IIS install it for Win2k?
> >
> >You could probably also yank the dbm extension unless you have REALLY old CF
> >code lying around.
> >
> >Basically your goal is to DISABLE any functionality of your server that
> >you're not currently using. The less junk you have running on the server,
> >the less chance someone will find a bug in part of the server you didn't
> >even know was there.
> >
> >Granted, there's a fine and arcane art to disabling just the right things
> >without breaking any part of your server. You'd be best to play on a
> >production server that you can afford to trash & reinstall a few times if
> >need be. Certainly, though, deleting extensions for file types not used in
> >your sites (or your customer's sites for webhosts) is completely safe and a
> >good idea in general.
> >
> >Best regards,
> >Zac Bedell
> >
>
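
The log check suggested at the top of this thread can be scripted. The following is an added example, not part of the original thread: it assumes the IIS W3C extended log format, and the log lines, file names and addresses in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not real traffic;
# the addresses come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-01-09 04:12:01 192.0.2.10 GET /index.cfm - 200
2001-01-09 04:12:07 198.51.100.23 GET /iisadmpwd/example.htr - 200
2001-01-09 04:12:09 198.51.100.23 GET /somefile+.htr - 200
2001-01-09 04:13:30 192.0.2.44 GET /IISADMPWD/example.htr - 404
2001-01-09 04:14:02 192.0.2.10 GET /docs/htr-notes.html - 200
"""

HTR_STEM = re.compile(r"\.htr$", re.IGNORECASE)  # IIS paths are case-insensitive

def htr_requests(log_text):
    """Return {client_ip: [(timestamp, uri_stem, status), ...]} for .htr requests."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, parts))
        stem = row.get("cs-uri-stem", "")
        if HTR_STEM.search(stem):
            when = f"{row.get('date', '')} {row.get('time', '')}".strip()
            hits[row.get("c-ip", "?")].append((when, stem, row.get("sc-status", "")))
    return dict(hits)

def summarize(hits):
    """List (client_ip, request_count) pairs, busiest client first."""
    return sorted(((ip, len(rows)) for ip, rows in hits.items()), key=lambda p: (-p[1], p[0]))

if __name__ == "__main__":
    for ip, count in summarize(htr_requests(SAMPLE_LOG)):
        print(ip, count)
```

Reading the column order from the #Fields line keeps the script working when a server logs a different set of fields.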