On 15 Nov 2008, at 03:54, Paul B. Henson wrote:
Last month I had a problem where SSI appeared to be ignoring the
SymlinkIfOwnerMatch configuration directive. I opened a bug, and
eventually
discovered what appears to be a problem in the ap_directory_walk
function,
where reusing cached dire
Last month I had a problem where SSI appeared to be ignoring the
SymlinkIfOwnerMatch configuration directive. I opened a bug, and eventually
discovered what appears to be a problem in the ap_directory_walk function,
where reusing cached directory information bypasses the symbolic link
check.
I th
Hey Guys,
I have no need for anybody to have access to my server except me. I
run a couple of different webpages but there just standard and don't have
any. need for special security. ie no login pages and no passwords just for
viewing type. Should I add extra security precautions that I sho
Hey all,
Quick question about a vulnerability that was already fixed. I'm
specifically talking about the mod_autoindex UTF-7 XSS vulnerability that is
fixed in Apache 2.2.6. You can find it discussed under the Security Reports
for Apache 2.2 ( http://httpd.apache.org/security/vulnerabilities_22.ht
Hi,
Karel Kubat wrote:
> Hi Hiep,
>
> On Dec 12, 2007, at 3:13 PM, Hiep Nguyen wrote:
>
>> i installed apache on centos 5 and i have some questions regarding
>> security for apache. i read security tips on
>> http://httpd.apache.org/docs/2.2/misc/security_tips.html and get the
>> idea, but stil
On Wed, 12 Dec 2007, Karel Kubat wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Hiep,
On Dec 12, 2007, at 3:13 PM, Hiep Nguyen wrote:
i installed apache on centos 5 and i have some questions regarding security
for apache. i read security tips on
http://httpd.apache.org/docs/2.2/mi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Hiep,
On Dec 12, 2007, at 3:13 PM, Hiep Nguyen wrote:
i installed apache on centos 5 and i have some questions regarding
security for apache. i read security tips on http://
httpd.apache.org/docs/2.2/misc/security_tips.html and get the idea,
hi list,
i installed apache on centos 5 and i have some questions regarding
security for apache. i read security tips on
http://httpd.apache.org/docs/2.2/misc/security_tips.html and get the idea,
but still need some advices from guru here.
/etc/httpd/conf/httpd.conf:
ServerRoot "/etc/httpd
tober 2007 14:32
> Til: users@httpd.apache.org
> Emne: Re: [EMAIL PROTECTED] Security problem in apache with forms?
>
> Hey Harold,
>
> > "POST http://87.118.100.88/proxy5/check.php HTTP/1.1" 404 297
> > "POST http://82.228.61.77:49627/Chcks/Data_I.php HTTP/1.1&
On 10/30/07, Christian Folini <[EMAIL PROTECTED]> wrote:
> Hey Harold,
>
> On Tue, Oct 30, 2007 at 02:29:18PM +0100, Harald Heggelund wrote:
> > Since installing a new slackware server with apache and sendmail
> > out-of-the-box, I have noticed my server is sending (moderate amounts of)
> > spam wo
Hey Harold,
On Tue, Oct 30, 2007 at 02:29:18PM +0100, Harald Heggelund wrote:
> Since installing a new slackware server with apache and sendmail
> out-of-the-box, I have noticed my server is sending (moderate amounts of)
> spam worldwide.
> I suspect some webform or cgi-script. In the apache log,
Hello,
Since installing a new slackware server with apache and sendmail
out-of-the-box, I have noticed my server is sending (moderate amounts of)
spam worldwide.
I suspect some webform or cgi-script. In the apache log, I see lots of these
entries:
"POST http://87.118.100.88/proxy5/check.php HTTP/
Hey Makhan,
On Jun 17, 2007, at 5:47 PM, makhan wrote:
Thanks man, I did just that , but i am not getting anything in my
browser,
even running simple commands like date or dir isn't working. I
think there
is something wrong with my php. What it is i can't find out.
You need to go to a PHP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message
On Sun, 17 Jun 2007, makhan wrote:
Thanks man, I did just that , but i am not getting anything in my browser,
even running simple commands like date or dir isn't working. I think there
is someth
Thanks man, I did just that , but i am not getting anything in my browser,
even running simple commands like date or dir isn't working. I think there
is something wrong with my php. What it is i can't find out.
Res-2 wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> NotDashEscaped:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message
On Sun, 17 Jun 2007, makhan wrote:
Thsnks man for your reply. I checked my php.ini file and the options which
you told me. They are not set . and I am not in the safe mode either so this
exec fu
Thsnks man for your reply. I checked my php.ini file and the options which
you told me. They are not set . and I am not in the safe mode either so this
exec function should work. I have checked even a simple commands like data
or ls are not working correctly. Can you help me out what could be the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message
On Sun, 17 Jun 2007, makhan wrote:
Hi
I am trying to run an external program from the php using its exec()
function. But its not executing the program I think the issue is with the
apache secu
makhan wrote:
> Hi
>
> I am trying to run an external program from the php using its exec()
> function. But its not executing the program I think the issue is with the
> apache security setting i.e its not allowing external requests to execute
> programs on the server.
It's a php.ini setting - s
Hi
I am trying to run an external program from the php using its exec()
function. But its not executing the program I think the issue is with the
apache security setting i.e its not allowing external requests to execute
programs on the server.
Can someone please guide me how I can enable these
This really isn't a Apache per se but I'm going to guess that many of
you have dealt with this problem in the past and I could use some
advice. I'm having issues with people trying to hack my box. They are
coming in through php scripts on sites that have 777 directories. I've
done a lot to make
On 9/28/06, Germer, Carsten <[EMAIL PROTECTED]> wrote:
Red box? I don't see a red box on this page? Wait... I'll take of my
see-the-world-in-pink-glasses...
Oh, that red box! >_< Gah, I'm sorry. I've updated my apache but haven't
read the new documentation.
S, since our system is quite depen
8, 2006 5:13 PM
>To: users@httpd.apache.org
>Subject: Re: [EMAIL PROTECTED] Security glitch with Rewrite and Proxy
>
>
>On 9/28/06, Germer, Carsten <[EMAIL PROTECTED]> wrote:
>> Hi :)
>> >Perhaps you have modified your logformat to log origclientaddr?
>> Yes, I ha
On 9/28/06, Germer, Carsten <[EMAIL PROTECTED]> wrote:
Hi :)
>Perhaps you have modified your logformat to log origclientaddr?
Yes, I have. Our modified LogFormat puts ORIGCLIENTADDR where originally
the IP-adress is.
>Are you running mod_cache?
# mod_cache directives
CacheDefaultExpire 3600
Cach
n being touched (no line in RewriteLog).
Thanks for your quick reply! /Carsten
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
>Joshua Slive
>Sent: Thursday, September 28, 2006 4:52 PM
>To: users@httpd.apache.org
>Subject: Re: [EMAIL PROT
On 9/28/06, Germer, Carsten <[EMAIL PROTECTED]> wrote:
Hello everyone!
I hope there is someone out there who can help with this or can point me
out to someone who might be able to...
We use Scientific Linux IV (based on Redhat Enterprise 4) and Apache
2.2.3-1i386 (RPM from Apache)
Here is the s
Hello everyone!
I hope there is someone out there who can help with this or can point me
out to someone who might be able to...
We use Scientific Linux IV (based on Redhat Enterprise 4) and Apache
2.2.3-1i386 (RPM from Apache)
Here is the snippet from my virthost
RewriteEngine on
# Block ever
MAIL PROTECTED]>
To:
Sent: Thursday, April 27, 2006 8:24 PM
Subject: Re: [EMAIL PROTECTED] Security scanners.
> It was thus said that the Great Georgy Goshin once stated:
>>
>> Hello,
>>
>> A few of virtual hosts on my server was hacked - the content was replaced
>>
: [EMAIL PROTECTED] Security scanners.
There is about 50 virtual servers, I can't reinstall now, need to find
the
hole.
The changed file has apache.apache ownership, so I think that the hole
in
web server of php.
G.
- Original Message -
From: "Sean Conner" <[EM
Sean Conner wrote:
[2] Actually, I do know of some, but they're the software programs that
are currently trying to break in through an insecure webserver or
CGI scripts. You can check your web logfiles and see plenty of
those happening. If any of those requests are
, April 27, 2006 8:24 PM
Subject: Re: [EMAIL PROTECTED] Security scanners.
It was thus said that the Great Georgy Goshin once stated:
Hello,
A few of virtual hosts on my server was hacked - the content was replaced
and I can't figure how they did it. Is there any software that will scan
It was thus said that the Great Georgy Goshin once stated:
>
> Hello,
>
> A few of virtual hosts on my server was hacked - the content was replaced
> and I can't figure how they did it. Is there any software that will scan the
> web server and checks for known security holes?
I don't know of
Hello,
A few of virtual hosts on my server was hacked - the content was replaced
and I can't figure how they did it. Is there any software that will scan the
web server and checks for known security holes?
Thanks,
G.
-
T
Suexec dows all the job.
The rights were wrong.
Sterpu Victor wrote:
How do I setup apache so that diffrent virtual hosts can't read one
eachother files(using cgi's by example)?
I know that there is a module that runs a diffrent instance of apache
for every virtual host(each instance on a d
How do I setup apache so that diffrent virtual hosts can't read one
eachother files(using cgi's by example)?
I know that there is a module that runs a diffrent instance of apache
for every virtual host(each instance on a diffrent user).
Does someoane recalls how is this module named?
I tryed
On 11/13/05, Siegfried Heintze <[EMAIL PROTECTED]> wrote:
>
> I've been reading
> http://httpd.apache.org/docs/2.0/mod/mpm_common.html#user
> and was looking for a windows example. How should I set up a special account
> for the web server to run in?
In windows, this is done through the services
I’ve been reading http://httpd.apache.org/docs/2.0/mod/mpm_common.html#user
and was looking for a windows example. How should I set up a special account
for the web server to run in?
Siegfried
ssage may be ignored.
-Original Message-From: Kailash Vyas [mailto:[EMAIL PROTECTED]]Sent: Mittwoch, 19. Oktober 2005 10:51To:
users@httpd.apache.orgSubject: [EMAIL PROTECTED] security issuehi all,I was facing some problems with webserver security.There
was a process running on the server which wa
wen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
-Original Message-
From: Kailash Vyas [mailto:[EMAIL PROTECTED]
Sent: Mittwoch, 19. Oktober 2005 10:51
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] security issue
hi all,
I was facing some problems with
hi all,
I was facing some problems with webserver security.
There was a process running on the server which was downloaded to tmp
directry by using wget from a script making rpc calls on the server.
I have disabled the wget execute permissions but how do i make the webserver more secure for
olved :).
BR, Baynaa.
-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 05, 2005 8:48 PM
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] security
Plain text please...
This has nothing to do with the "software" not being secure.
D]
Sent: Mittwoch, 5. Oktober 2005 10:33
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] security
Hi,
In our web, users should login to access certain contents. But today we've just
realized that, one can acces those contents without loging in. In other words,
just typing http://xxx.xx/g
Can you give me a little bit more info on
this issue? One of the number of the ways?
From: Peter J Milanese
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 05, 2005
4:39 PM
To: users
Subject: Re: [EMAIL PROTECTED]
security
There are a number of ways to handle this
PROTECTED] Sent: 10/05/2005 04:33 AM To: Subject: [EMAIL PROTECTED] security
Hi,
In our web, users should login to access certain contents. But
today we’ve just realized that, one can acces those contents without
loging in. In other words, just typing http://xxx.xx/graph_view.php?action
Hi,
In our web, users should login to access certain contents. But
today we’ve just realized that, one can acces those contents without
loging in. In other words, just typing http://xxx.xx/graph_view.php?action="">
brings the graphs. We are using free software, may be that’s why it is
not
45 matches
Mail list logo