Mark Cassino wrote: >I put in a Trouble Ticket with my Webhost this morning asking >about how how to assure that uploads are secure, but >have yet to hear a reply.
I'm wondering if it isn't a security hole in your host's web server that is at the root of the problem. They're running Linux and Apache but who knows how it's configured or if they have all the latest patches. >I spent some time digging through my access logs today and determined >that I stumbled into the rogue files about 3 hours after they were >uploaded - and things seem to have been quiet since then (although >thousands of porn sites are requesting files from the now deleted >directory.) > >I have the IP address that uploaded them Would you mind revealing the IP address (in public or in private)? I'm curious. >I did some pretty aggressive stuff (with help from someone who >knew what he was doing) with the .htaccess file in my blog's >directory. I've been meaning to investigate that kind of thing myself. Mainly to prevent people from hotlinking my images. >I may just ban this whole range of IP addresses from the site for >good and forever. I'm glad to have a web host that'll do that kind of thing for me: They'll firewall IP addresses at the border router for me if there's a real problem. In fact, if my guess is right about the IP range that caused your problem, I'll bet that's already been done long ago :) -- PDML Pentax-Discuss Mail List [email protected] http://pdml.net/mailman/listinfo/pdml_pdml.net
