[KLUG Members] PHP hacked
Bruce Smith
members@kalamazoolinux.org
01 Mar 2002 09:38:46 -0500
> >http://eletters1.ziffdavis.com/cgi-bin10/flo?y=eOqA0BgFYL0DUm0fPe0AX
>
> Before widespread panic sets in it should be pointed out that:
>
> 1. This affects sites using file upload via POST. How many publicly
> accessible sites use file upload? Can't remember the last time I found one.
>
> 2. Features your site doesn't use *SHOULD BE DISABLED*, so chances are if you
> have two neurons to rub together file upload is already disabled. If it is not
> do it now. Also use those database connection limiters, etc... in the config
> file to draw boundaries around what an httpd can do. This is something you
> should do if using PHP, Perl, CGI, Python, Java, etc...
The Red Hat _default_ PHP install has file uploads ENABLED BY DEFAULT.
Edit /etc/php.ini and change it!
--------------------------------------------
Bruce Smith bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan 49093 USA
http://www.armstrong-intl.com/
--------------------------------------------
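
An added example, not part of the original message: a shell check that reports the effective `file_uploads` setting in a php.ini, treating a commented-out or missing directive as enabled because that is PHP's built-in default. The function names and the sample file are constructed for illustration; pass the real path (such as the `/etc/php.ini` mentioned above) as the argument.

```shell
#!/bin/sh
# Added example: audit a php.ini for the file_uploads directive.
# Function names are hypothetical; the ini path is passed as an argument.

# Print "on", "off" or "default-on" for file_uploads in the file "$1".
# Rules applied: ';' starts a comment, the last assignment wins, and an
# absent directive means PHP's built-in default, which is enabled.
# Simplification: per-host/per-path ini sections are not treated specially.
file_uploads_state() {
    awk '
        /^[ \t]*;/ { next }                     # whole-line comment
        /^[ \t]*file_uploads[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)         # drop "file_uploads ="
            sub(/[ \t]*;.*$/, "", v)            # drop trailing comment
            gsub(/[" \t\r]/, "", v)             # drop quotes, blanks, CR
            last = tolower(v); seen = 1
        }
        END {
            if (!seen) { print "default-on"; exit }
            if (last == "on" || last == "yes" || last == "true" || last + 0 != 0)
                print "on"
            else
                print "off"
        }
    ' "$1"
}

# Return 0 only when uploads are explicitly disabled.
audit_php_ini() {
    state=$(file_uploads_state "$1") || return 2
    echo "$1: file_uploads is $state"
    [ "$state" = "off" ]
}

# Constructed sample (not a real distribution file).
sample=$(mktemp)
printf '%s\n' '[PHP]' '; file_uploads = Off' \
    'file_uploads = On ; allow HTTP file uploads' > "$sample"
audit_php_ini "$sample" || echo "-> set file_uploads = Off and restart httpd"
rm -f "$sample"
```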