Home page logo
/

basics logo Security Basics mailing list archives

Re: How to filter .htaccess uploading?
From: "security.xentek" <eric () xentek net>
Date: Fri, 10 Aug 2007 12:00:02 -0400

You could try creating blank .htaccess files and making them immutable:

# touch .htaccess
# chattr +i .htaccess

That way they can't be changed or overwritten, even by root.



+       eric m.
+       http://xentek.net
+ + + + + + + + + + + + + +


"Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure or nothing." - Helen Keller


On Aug 10, 2007, at 12:59 AM, Monty Ree wrote:

Hello,list.

I heard that some attackers upload malicious .htaccess file using upload program. So I would like to filter ".htaccess" uploading at apache, is there any method? I know that modsecurity will solve this problem.. but I can't use modsecurity yet for some reason.


Thanks in advance.

_________________________________________________________________
MSN Messenger를 통해 온라인상에 있는 친구와 대화를 나누세요. http://www.msn.co.kr/messenger


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault