> Very good suggestion, indeed.
>
> Especially, if someone has a 'dangerous' file, a PHP Shell for instance,
> (a perfect example:
> http://mgeisler.net/downloads/phpshell/phpshell-1.7.tar.gz)
> inside such a directory. (Or even maybe a simple file uploader, that will
> help the attacker to upload such 'shell-over-http' files.)

Also, think "emacs-turdfile". Have any config.php~ lying around? Or index.php~? Are you SURE?

-kj
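
One way to answer the "Are you SURE?" question above is to audit the document root for editor leftovers. This is an added example, not part of the original message. The pattern list, the script-extension set and the sample tree are assumptions made for illustration. It flags leftovers whose original name is a PHP script, since a copy named `config.php~` is typically not handled as PHP and is served as plain source.

```python
import os
import re
import tempfile

# Naming conventions editors and tools use for leftover copies (assumed list; extend as needed).
BACKUP_PATTERNS = [
    re.compile(r"^(?P<orig>.+)~$"),                        # emacs/gedit backup: config.php~
    re.compile(r"^#(?P<orig>.+)#$"),                       # emacs autosave: #config.php#
    re.compile(r"^\.(?P<orig>.+)\.sw[a-p]$"),              # vim swap: .config.php.swp
    re.compile(r"^(?P<orig>.+)\.(bak|old|orig|save)$", re.I),
]
SCRIPT_EXTS = {".php", ".inc", ".phtml"}  # assumed set of server-side script extensions

def original_name(filename):
    """Return the name the leftover was copied from, or None if it is not a leftover."""
    for pattern in BACKUP_PATTERNS:
        match = pattern.match(filename)
        if match:
            return match.group("orig")
    return None

def find_backup_files(docroot):
    """Walk docroot and return sorted (relative_path, exposes_script_source) tuples."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            exposes = os.path.splitext(orig)[1].lower() in SCRIPT_EXTS
            rel = os.path.relpath(os.path.join(dirpath, name), docroot)
            hits.append((rel.replace(os.sep, "/"), exposes))
    return sorted(hits)

# Constructed sample tree, not taken from any real site.
SAMPLE_FILES = ["config.php", "config.php~", "index.php", "style.css",
                "notes.txt~", "admin/#index.php#", "admin/.login.php.swp"]

def demo():
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in SAMPLE_FILES:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return find_backup_files(root)

if __name__ == "__main__":
    for rel, exposes in demo():
        print(("SOURCE EXPOSED  " if exposes else "leftover        ") + rel)
```

Run `find_backup_files()` against the real document root as part of deployment, and fail the deploy when any hit has the second field set.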