Re: hacked?
- From: Rick Stevens <rstevens internap com>
- To: Getting started with Red Hat Linux <redhat-install-list redhat com>
- Subject: Re: hacked?
- Date: Tue, 10 Apr 2007 09:35:55 -0700
On Mon, 2007-04-09 at 20:39 -0600, Karl Pearson wrote:
> On Mon, April 9, 2007 12:26 pm, Rick Stevens wrote:
<snip>
> >> It seems like I always have to depend on someone to secure the machines to
> >> some extent, whether it's the OS writers, the app writers, or whatever. But,
> >> I'll do my best (and, yes, I am learning!).
> >>
> >> In the .htaccess, it seems that send-as-is *.pdf would not get around this
> >> problem, since the hacker put in something called 100.php.3 . But, could I
> >> put in send-as-is * and just have EVERYTHING sent as is, nothing
> >> interpreted?
> >
> > Yes, that would do it. And make sure you do that ESPECIALLY in the
> > upload directory.
>
> Doesn't that prevent index.cgi type files from working correctly?
Yes, it will. But in an upload directory, who cares? You don't want
people snooping around in there anyway, do you? I don't.
In my world, upload directories are quarantined...you can't look into
them, know what's in them and you can't download from them...UNTIL I
look them over and move them to a non-quarantined area. I also don't
permit CGI scripts of ANY kind to run anywhere on my systems until I've
checked them and given them a clean bill of health.
----------------------------------------------------------------------
- Rick Stevens, Principal Engineer rstevens internap com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- Okay, who put a "stop payment" on my reality check? -
----------------------------------------------------------------------
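Added example, not part of the original message: a review helper for the quarantined upload directory described above. It flags names such as 100.php.3, where Apache's mod_mime can still apply a handler because it considers every dot-separated extension rather than only the last one. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions this server maps to an interpreter or CGI handler.
# Adjust to match the AddHandler/AddType lines in your own Apache configuration.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "cgi", "pl", "py", "sh", "shtml"}
# Per-directory config files an uploader must never be able to plant.
CONFIG_NAMES = {".htaccess", ".htpasswd"}


def risky_reason(filename):
    """Return why a filename needs manual review, or None if it looks inert."""
    name = filename.lower()
    if name in CONFIG_NAMES:
        return "per-directory config file"
    # Every dot-separated component after the base name counts as an extension,
    # so 100.php.3 is checked for "php" as well as "3".
    parts = name.split(".")[1:]
    if parts and parts[-1] in EXECUTABLE_EXTS:
        return f"final executable extension: .{parts[-1]}"
    for ext in parts:
        if ext in EXECUTABLE_EXTS:
            return f"embedded executable extension: .{ext}"
    return None


def scan_quarantine(root):
    """Walk the upload directory and list (relative path, reason) for review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            reason = risky_reason(fn)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, fn), root)
                findings.append((rel, reason))
    return sorted(findings)


def demo():
    """Constructed sample upload directory, including the name from the thread."""
    with tempfile.TemporaryDirectory() as d:
        for fn in ("100.php.3", "report.pdf", "photo.JPG", "index.cgi", ".htaccess"):
            open(os.path.join(d, fn), "w").close()
        return scan_quarantine(d)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Anything it reports stays in quarantine until someone has looked at the file itself; a clean name says nothing about the file's contents.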