Portal Home > Knowledgebase > Articles Database > Options Override & Addtype Sec. Hole?!!
Options Override & Addtype Sec. Hole?!!
| Posted by mello21century, 08-14-2010, 10:35 PM |
| Hello everyone
I got a problem that yesterday I found an uploaded shell on my server and found this .htaccess file
I noticed that there was a 1.txt file that been symlink to "/" directory
those are uploaded using old scripts on my clients sites and/or hacking my clients pcs
I use cxs,csf,modsec., apache 2.2,php5.2.14,suphp,suhosion and I need to disable the override these stuff but I got a problem that I don't want to lose supporting joomla and open sources software that use rewrite and other less security issues
is there a way to disable symlink, I chmoded "ln" and tried to disable override in httpd.conf from an old tutorials around here but it all failed
please advice
|
| Posted by mello21century, 08-16-2010, 04:50 PM |
| Any idea to avoid this?
|
| Posted by Steven, 08-16-2010, 08:24 PM |
| You can disable the override ability but, your customers may not be happy with that.
|
| Posted by mello21century, 08-17-2010, 12:47 AM |
| then what do you suggest?
is there a some security hack to avoid this?
|
| Posted by hostsean, 08-28-2010, 05:21 AM |
| hi i use this
Options ALL ExecCGI -FollowSymLinks -Includes IncludesNOEXEC +Indexes -MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,Includes,MultiViews,SymLinksIfOwnerMatch,DirectoryIndex,AddCharset,FileETag
but have a problem whit htaccess: Illegal option DirectoryIndex
i can find how to fix this
|
Add to Favourites 
Print this Article
Also Read
CSF Problem (Views: 766)
Shared Hosting
Shared Hosting
