On Thu, 2008-04-17 at 14:01 +1000, Michael Chesterton wrote:
> On 17/04/2008, at 6:09 AM, Rick Phillips wrote:
> >
> > !!!! 1 possible successful probes
> > /long_path_to_file/../../../etc/passwd HTTP Response 200
> >
> > With the environment (described above) in place, should I be worried or
> > should I be confident that I have taken every precaution I can take?
> >
>
> I would be a little concerned if they can download /etc/passwd, they could
> download a more sensitive file. Have you tried to download passwd yourself?
> does it actually work?
>
> What's your DocumentRoot, out of curiosity?
>

Thanks to all who have replied and reinforced my confidence in what I have been doing.
I don't have much gold, but I have been through the pain of having my server hacked twice in quick succession some years ago when I was wetter behind the ears. Those events alone caused me to be somewhat paranoid. The server in question is a small commercial server, but I maintain several others following the same rules I have outlined in my original email. It is not convenient for me to have to restore from any backups, as some sites are inconveniently too far away. I do, like one respondent said, keep a mirror image on a spare disk, and when I was hacked that got me up again in minutes, but this is not always convenient, especially when sites and email accounts change frequently.

I think the exclusion of all connectivity except for a single IP address is my greatest protection, along with frequently changing complex passwords and a non-standard port. I was also looking to see if anyone had something to offer that I had not thought of, but I am resting much easier now.

Thanks again to all who responded.

Rick

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
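The check Michael suggests, working out whether a logged traversal probe answered with 200 could actually have reached a file outside DocumentRoot, as an added Python example that is not part of this thread. The log lines, the DocumentRoot values and the common-log-format regex are constructed assumptions; the point it shows is that the naive join result depends on how deep DocumentRoot sits, which is why the DocumentRoot question matters.

```python
import posixpath
import re
from urllib.parse import unquote

# Common access-log layout: host ident user [time] "request" status bytes.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed sample lines modelled on the probe quoted in the thread.
SAMPLE_LOG = [
    '203.0.113.9 - - [17/Apr/2008:06:09:01 +1000] '
    '"GET /long_path_to_file/../../../etc/passwd HTTP/1.1" 200 1842',
    '203.0.113.9 - - [17/Apr/2008:06:09:02 +1000] '
    '"GET /images/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 209',
    '198.51.100.4 - - [17/Apr/2008:06:10:11 +1000] "GET /index.html HTTP/1.1" 200 5120',
]

def resolve_request(url_path, document_root):
    """Where a request path lands under document_root (assumed root, constructed).
    normalized: file served when '..' is collapsed in the URL space first
                (excess '..' cannot climb above '/').
    naive:      file reached when the raw path is joined to document_root.
    escapes:    True when that naive join leaves document_root."""
    root = posixpath.normpath(document_root)
    rel = unquote(url_path.split("?", 1)[0]).lstrip("/")   # %2e%2e -> ..
    traversal = ".." in rel.split("/")
    normalized = posixpath.join(root, posixpath.normpath("/" + rel).lstrip("/"))
    naive = posixpath.normpath(posixpath.join(root, rel))
    escapes = not (naive == root or naive.startswith(root + "/"))
    return {"traversal": traversal, "normalized": normalized,
            "naive": naive, "escapes": escapes}

def triage(log_lines, document_root):
    """Traversal probes that were answered 200: the ones to verify by hand."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        info = resolve_request(m["path"], document_root)
        if info["traversal"] and m["status"] == "200":
            hits.append({"host": m["host"], "path": m["path"], **info})
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "/var/www/html"))
```

With a three-level DocumentRoot the three `..` segments only reach `/var/etc/passwd` in a naive join, while a one-level root such as `/srv/www` would reach `/etc/passwd`; either way the 200 is worth reproducing by hand, as Michael asked.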
