[KLUG Members] PHP hacked

Bruce Smith members@kalamazoolinux.org
01 Mar 2002 09:38:46 -0500


> >http://eletters1.ziffdavis.com/cgi-bin10/flo?y=eOqA0BgFYL0DUm0fPe0AX
> 
> Before widespread panic sets in it should be pointed out that:
> 
> 1. This affects sites using file upload via POST.  How many publicly
> accessible sites use file upload?  Can't remember the last time I found one.
> 
> 2. Features your site doesn't use *SHOULD BE DISABLED*,  so chances are if you
> have two neurons to rub together file upload is already disabled.  If it is not
> do it now.  Also use those database connection limiters, etc... in the config
> file to draw boundaries around what an httpd can do.  This is something you
> should do if using PHP, Perl, CGI, Python, Java, etc...

The Redhat _default_ PHP install has file uploads ENABLED BY DEFAULT.
Edit /etc/php.ini and change it!

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------
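
An added example, not part of the original message: a shell function that reports the effective `file_uploads` setting in a php.ini file, such as the /etc/php.ini named above. It assumes the last uncommented assignment wins and that an absent directive means PHP's built-in default (enabled). The function name and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a php.ini for the file_uploads directive.
# Prints "enabled", "disabled", or "unknown" (unreadable file or odd value).
# Assumption: only this one file is inspected; [section] headers are ignored.
php_file_uploads_state() {
    ini="$1"
    [ -r "$ini" ] || { echo "unknown"; return 0; }
    awk '
        /^[ \t]*;/ { next }                    # skip whole-line comments
        /^[ \t]*file_uploads[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)        # drop "file_uploads ="
            sub(/[ \t]*;.*$/, "", v)           # drop trailing ; comment
            sub(/[ \t\r]+$/, "", v)            # drop trailing blanks / CR
            gsub(/^"|"$/, "", v)               # drop surrounding quotes
            last = tolower(v); seen = 1        # last assignment wins
        }
        END {
            if (!seen)                                 print "enabled"
            else if (last ~ /^(on|yes|true|1)$/)       print "enabled"
            else if (last == "" || last ~ /^(off|no|false|none|0)$/)
                                                       print "disabled"
            else                                       print "unknown"
        }
    ' "$ini"
}

# Constructed sample input (not taken from a real server).
sample=$(mktemp)
printf '[PHP]\n;file_uploads = Off\nfile_uploads = On ; stock setting\n' > "$sample"
echo "sample php.ini: file_uploads is $(php_file_uploads_state "$sample")"
rm -f "$sample"
```

Run it as `php_file_uploads_state /etc/php.ini`; a result of "enabled" means the line should be changed to `file_uploads = Off`.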