At 07:55 PM 4/21/2002, you wrote:
>At 19:43 21/04/02 -0700, you wrote:
>> ><Directory /home/sites/>
>> >AllowOverride All
>> >Options All
>> ></Directory>
>> >
>> >... set, then who do you blame? :o) Set it to "AllowOverride None"
>> >and all these fancy .htaccess files in /home/sites/wherever
>> >will no longer work.
>>
>>Well.... Not exactly, at least not on my remaining
>>RaQ3. I have the following in my access.conf file and
>>I still can (and do) use .htaccess files to password
>>protect a few user directories..
>>
>><Directory />
>>Options None
>>AllowOverride None
>>AuthFailDelay 2000000
>></Directory>
>>
>>What I *do* use to stop those files from being
>>uploaded in the first place, is this little line in my
>>proftpd.conf file..
>>
>>PathDenyFilter "(\\.ftpaccess)|(\\.htaccess)|(\\.forward)$"
>>
>>Babs
>
>That's quite a nice way of doing it, but that still doesn't stop users from
>uploading htaccess.txt and then renaming it on the server using their FTP
>client.
>
>It looks almost impossible to stop users doing this, basically it gives
>them the same access as what shell would.
>
This is a huge security hole... how do we fix this??? I call on SUN to patch this hole ASAP!!!

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
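Because the thread notes that an upload filter does not cover a file renamed after upload, one defender-side check is to audit what is actually on disk. The following is an added example, not part of the original messages: it walks a site tree for the three filenames in the quoted PathDenyFilter line and lists `.htaccess` directives worth reviewing. The `RISKY` directive selection, the `audit` function name and the default `/home/sites` root are assumptions of this example.

```python
import os
import re

# Filenames taken from the PathDenyFilter line quoted in the thread.
WATCHED = {".htaccess", ".ftpaccess", ".forward"}

# Assumption: directives treated here as "more than password protection".
# These are real Apache directives; the selection is this example's choice.
RISKY = re.compile(
    r"^\s*(Options|AddHandler|SetHandler|AddType|Action|ErrorDocument)\b",
    re.IGNORECASE,
)


def audit(root):
    """Walk root; return sorted (path, owner_uid, risky_lines) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # does not follow dir symlinks
        for name in files:
            if name not in WATCHED:
                continue
            path = os.path.join(dirpath, name)
            try:
                uid = os.lstat(path).st_uid
                if os.path.islink(path):
                    # Report symlinks without reading their target.
                    findings.append((path, uid, ["symlink: not read"]))
                    continue
                with open(path, "r", errors="replace") as fh:
                    lines = fh.read().splitlines()
            except OSError:
                continue  # unreadable or vanished file: skip it
            risky = []
            if name == ".htaccess":
                risky = [ln.strip() for ln in lines if RISKY.match(ln)]
            findings.append((path, uid, risky))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/home/sites"
    for path, uid, risky in audit(root):
        print(f"{path} (uid {uid})")
        for ln in risky:
            print(f"    review: {ln}")
```

Run periodically (for example from cron), this reports files that reached the tree by any route, including a rename after upload.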
