Just out of curiosity, has ANYONE on this list at least attempted my original suggestion to even see if it works for you..?? It does for me on my RaQ3's... But you boys keep beating this dead horse over and over... Keeping users and ghouls from uploading .htaccess files to ANY location on the server (via FTP anyway) is as easy as one directive in your ProFTP config file.... Just take one moment and at least try my suggestion with the proftpd.conf file, and you'll find this is pretty much a no-brainer...
PathDenyFilter "(\\.ftpaccess)|(\\.htaccess)|(\\.forward)$" Brett brought up the possibility of someone just uploading a file with a txt extension then renaming it back to .htaccess --BUT-- with my tests, that still won't work if you have this directive in your proftpd.conf file, ProFTP stops the file from being created (or renamed).. Big "Forbidden File Name" error bounces across your screen when attempted.. If you *try* and upload a .htaccess file, you'll get a "Forbidden File Name" --OR-- if you upload the file as a text file then try and change it back to an .htaccess file name, ProFTP kicks back "Forbidden File Name" again... So the ghouls and evil doers aren't going to be doing much of notta with .htaccess files with this directive in your ProFTP config file.. Just give it a try... ;-) Babs.. __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
