[nycphp-talk] Need some understanding about a hacker attack...

Dan Horning dan.horning at planetnoc.com
Sat Oct 11 10:01:47 EDT 2008


On Sat, 2008-10-11 at 21:55 +0800, mikesz at qualityadvantages.com wrote:
> Hello David,
> 
> Saturday, October 11, 2008, 9:42:46 PM, you wrote:
> 
> > mikesz at qualityadvantages.com wrote:
> >> I checked my test system also and when I do a directory the /xml
> >> folder, it shows me the content of the folder which is yet another
> >> outcome unexpected.
> >> 
> 
> > There is a setting in the Apache config that prevents the listing of 
> > directories. In a production system that should be always turned off.
> > Also, IIRC you can specify the name of the access file in the config as well,
> > so it may not always be .htaccess, but I cannot think of any plausible reason
> > to change that. But that may be worthwhile to check out.
> 
> > Oh, and at your earliest convenience change the hosting company. If they
> > cannot tell you how such a takeover happened then I wonder what they charge
> > you money for. Anyone with a PC can do that type of hosting...

> HA! My thoughts exactly. I was blown away when they suggested my
> scripts without ever checking their log files... Unbelievable! I
> thought it was a no-brainer to track such a blatant intrusion
> especially when the time frame of when the breach occurred is known
> almost to the second.
> 

I have to also +1 the new host thing... ASAP

-- 
Dan Horning

American Digital Services - Where you are only limited by imagination.
direct 1-866-493-4218 . main 1-800-863-3854 . fax 1-888-474-6133
dan.horning at planetnoc.com
http://www.americandigitalservices.com
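
An added example, not part of the original post: a small Python check for the two Apache settings mentioned in the quoted reply above, the `Options` directive that controls directory listings (`Indexes`) and `AccessFileName`. The sample config, its paths and the `.siteaccess` name are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); all paths are hypothetical.
SAMPLE_CONF = """\
AccessFileName .siteaccess
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html/xml">
    Options -Indexes
</Directory>
<Directory "/var/www/html/uploads">
    # Options +Indexes
    Options All
</Directory>
"""

def audit(conf_text):
    """Return (access_file_names, findings).

    findings holds (line_no, context, line) for every Options line that
    explicitly enables directory listing. Merging of Options between
    nested sections is not resolved; each line is judged on its own.
    """
    access_files = [".htaccess"]      # Apache's default when unset
    findings, context = [], ["server config"]
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                  # blank lines and comments
        tag = re.match(r"<(/?)(\w+)\s*(.*?)>$", line)
        if tag:                       # section open/close, e.g. <Directory ...>
            closing, name, arg = tag.groups()
            if not closing:
                context.append(f"{name} {arg.strip(chr(34))}")
            elif len(context) > 1:
                context.pop()
            continue
        directive, *args = line.split()
        if directive.lower() == "accessfilename":
            access_files = args       # per-directory override file name(s)
        elif directive.lower() == "options":
            # "Indexes", "+Indexes" and "All" turn listings on; "-Indexes" does not
            if any(a.lstrip("+").lower() in {"indexes", "all"} for a in args):
                findings.append((n, context[-1], line))
    return access_files, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

The reported access file name is also the file to review in each directory, since a per-directory file can set `Options` itself when `AllowOverride` permits it.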
