SLUG Mailing List Archives
Re: [SLUG] Can I be comfortable with this log message
- To: slug <slug@xxxxxxxxxxx>
- Subject: Re: [SLUG] Can I be comfortable with this log message
- From: Rick Phillips <rickp@xxxxxxxxxxxxxx>
- Date: Thu, 17 Apr 2008 17:33:20 +1000
On Thu, 2008-04-17 at 14:01 +1000, Michael Chesterton wrote:
> On 17/04/2008, at 6:09 AM, Rick Phillips wrote:
> > !!!! 1 possible successful probes
> > /long_path_to_file/../../../etc/passwd HTTP Response 200
> > With the environment (described above) in place, should I be
> > worried or
> > should I be confident that I have taken every precaution I can take?
> I would be a little concerned if they can download /etc/passwd, they
> download a more sensitive file. Have you tried to download passwd
> does it actually work?
> What's your DocumentRoot, out of curiosity?
Thanks to all who have replied and reinforced my confidence in what I
have been doing.
I don't have much gold but I have been through the pain of having my
server hacked twice in quick succession some years ago when I was wetter
behind the ears. Those events alone caused me to be somewhat paranoid.
The server in question is a small commercial server but I maintain
several others following the same rules I have outlined in my original
email. It is not convenient for me to have to restore from any backups
as some sites are inconeniently too far away.
I do like one respondent said, keep mirror a image on a spare disk and
when I was hacked that got me up again in minutes but this is not always
convenient, especially when sites and email accounts change frequently.
I think the exclusion of all connectivity except for a single IP address
is my greatest protection along with frequently changing complex
passwords and a non standard port.
I was looking also to see if anyone had something to offer that I had
not thought of but I am resting much easier now.
Thanks again to all who responded.