On 7/3/06, Paolo Alexis Falcone <[EMAIL PROTECTED]> wrote:
Simple: phpBB is installed as a user, and on a user-writable partition, say /home/user/public_html. It's quite simple in Apache to make a virtual hostname openminds.linux.org.ph use the /home/user/public_html directory.
Too bad, since they claim that only "one of the users" installed phpBB. Hmmm, that "said user" has control of Apache's configuration, such that he/she managed to point the openminds main page to his public_html, and obviously a compromise of his public_html has an effect on the main index page of openminds. Simple indeed!
If you'd really be wanting to do something a little more secure for web-based applications, it's quite a common recommendation NOT to install your CGIs (or any executable content) on a writable area.
It's very, very idiotic to install CGI on an area writable by the user that will execute that CGI.
> On 7/1/06, manny <[EMAIL PROTECTED]> wrote:
> > On Tue, 27 Jun 2006, Dominique Cimafranca wrote:
> > > I spoke with the administrator of the server. The exploit took place through
> > > an older unpatched version of phpBB-Nuke, which one of the users had
> > > uploaded to the site. Only the bulletin board was compromised. The server
> > > itself wasn't.
> >
> > I checked the site. It's missing some frames. Probably some files were
> > deleted.
> >
> > God bless!
> > _________________________________________________
> > Philippine Linux Users' Group (PLUG) Mailing List
> > [email protected] (#PLUG @ irc.free.net.ph)
> > Read the Guidelines: http://linux.org.ph/lists
> > Searchable Archives: http://archives.free.net.ph

--
Paolo Alexis Falcone
[EMAIL PROTECTED]
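The recommendation discussed in this thread (no executable content in an area writable by the user that executes it), as an added example that is not part of the original messages: a small audit that walks a document root and reports scripts the executing uid could modify or replace. The extension list, the function names and the temporary directory tree are assumptions constructed for illustration; the check reads mode bits only and ignores ACLs and root's override.

```python
import os, stat, tempfile

SCRIPT_EXTS = {".php", ".cgi", ".pl"}  # assumed set of "executable content"

def can_write(st, uid, gids):
    """Would uid/gids get write access from the mode bits? (ACLs, root ignored)"""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(docroot, exec_uid, exec_gids=()):
    """Return [(relative path, [reasons])] for scripts the executing uid can alter."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        dir_writable = can_write(os.stat(dirpath), exec_uid, exec_gids)
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            ext = os.path.splitext(name)[1].lower()
            if not stat.S_ISREG(st.st_mode) or not (ext in SCRIPT_EXTS or st.st_mode & 0o111):
                continue
            reasons = []
            if can_write(st, exec_uid, exec_gids):
                reasons.append("file writable")
            if dir_writable:  # a writable directory allows replacing or adding scripts
                reasons.append("directory writable")
            if reasons:
                findings.append((os.path.relpath(path, docroot), reasons))
    return sorted(findings)

def demo():
    """Constructed tree: one user-writable install, one read-only install."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        layout = {"weak": (0o755, 0o644), "hardened": (0o555, 0o444)}
        for d, (dmode, fmode) in layout.items():
            os.mkdir(os.path.join(root, d))
            for name in ("index.php", "readme.txt"):
                p = os.path.join(root, d, name)
                open(p, "w").close()
                os.chmod(p, fmode)
            os.chmod(os.path.join(root, d), dmode)
        try:
            same_user = audit(root, me)        # script runs as the owner of the files
            other_user = audit(root, me + 1)   # script runs as an unrelated uid
        finally:
            os.chmod(os.path.join(root, "hardened"), 0o755)  # let cleanup succeed
    return same_user, other_user
```

`demo()` returns the findings for both cases: when the script executes as the owner of a writable install, `weak/index.php` is flagged; when it executes as a uid with no write access, nothing is.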

