next message in archive
next message in thread
previous message in archive
previous message in thread
Index of Subjects
Index of Subjects Looks like someone has indexed your CS_INFO/adm directory... you might want to add a 'disallow' to the CS_INFO/robots.txt file however... With respect to the cgi-*bin directories... out of the box they should be sufficiently protected... I'll email you the details of the default security separately... anyone else who would like to check their own configuration should email me directly. david potter On Thu, 22 Oct 1998, Gord Fisch wrote: > Greetings, > > Had a troubling e-mail from Gord Hines. He was searching for United Way in > Regina and found it but also this URL > http://www.gpfn.sk.ca/cgi-officebin/reverse-money > > Anyone could go in a dick with the accounting files. Also wide open were > scripts in cgi-membin, cgi-cnbin and cgi-ipbin. > > How this got on any search engine is a mystery. Anyway, I added a few > lines to /etc/apache/access.conf for these directories. > This generated errors. It took me a while to realize the .htaccess files > had > AuthName Office Administration > which had to be quoted > AuthName "Office Administration" > Now they work. > > Maybe no one at csuite has had anyone try to access the script directly? > > > Gord || Program Officer: SK Cultural Exchange Society > Fisch || Webmaster: Great Plains Free-Net >
next message in archive
next message in thread
previous message in archive
previous message in thread
Index of Subjects