- To: slug <slug@xxxxxxxxxxx>
- Subject: Re: [SLUG] Can I be comfortable with this log message
- From: Rick Phillips <rickp@xxxxxxxxxxxxxx>
- Date: Thu, 17 Apr 2008 17:33:20 +1000
On Thu, 2008-04-17 at 14:01 +1000, Michael Chesterton wrote:
> On 17/04/2008, at 6:09 AM, Rick Phillips wrote:
> >
> > !!!! 1 possible successful probes
> > /long_path_to_file/../../../etc/passwd HTTP Response 200
> >
> > With the environment (described above) in place, should I be
> > worried, or should I be confident that I have taken every precaution
> > I can take?
> >
>
> I would be a little concerned: if they can download /etc/passwd, they
> could download a more sensitive file. Have you tried to download passwd
> yourself? Does it actually work?
>
> What's your DocumentRoot, out of curiosity?
>
Thanks to all who have replied and reinforced my confidence in what I
have been doing.

I don't have much gold but I have been through the pain of having my
server hacked twice in quick succession some years ago when I was wetter
behind the ears. Those events alone caused me to be somewhat paranoid.

The server in question is a small commercial server but I maintain
several others following the same rules I have outlined in my original
email. It is not convenient for me to have to restore from any backups
as some sites are inconveniently too far away.

I do as one respondent said, keep a mirror image on a spare disk, and
when I was hacked that got me up again in minutes, but this is not always
convenient, especially when sites and email accounts change frequently.

I think the exclusion of all connectivity except for a single IP address
is my greatest protection along with frequently changing complex
passwords and a non-standard port.

I was looking also to see if anyone had something to offer that I had
not thought of but I am resting much easier now.

Thanks again to all who responded.
Rick
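As an added example (not code from anyone in this thread), the defender-side triage Michael's question points at: parse access-log lines for requests whose path climbs above DocumentRoot, separate the ones the server blocked from the 200s that still need checking, and a heuristic for whether a response body really is /etc/passwd rather than an error page served with status 200. The log lines, IP addresses and the depth-counting check are constructed assumptions; only the first sample path is taken from the log message in the thread.

```python
import re
from urllib.parse import unquote

# Apache "combined" access-log line; only the fields needed for triage are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) (?P<size>\S+)')
# Constructed sample lines (not from the original post); the first mirrors the probe in the thread.
SAMPLE_LOG = [
    '203.0.113.9 - - [17/Apr/2008:06:09:01 +1000] "GET /long_path_to_file/../../../etc/passwd HTTP/1.0" 200 1530 "-" "-"',
    '203.0.113.9 - - [17/Apr/2008:06:09:02 +1000] "GET /%252e%252e/%252e%252e/etc/shadow HTTP/1.0" 403 - "-" "-"',
    '198.51.100.4 - - [17/Apr/2008:06:10:00 +1000] "GET /images/../index.html HTTP/1.1" 200 812 "-" "-"',
]

def decode_path(raw):
    """Strip the query string and percent-decode twice so double-encoded dots are caught."""
    return unquote(unquote(raw.split("?", 1)[0]))

def escapes_docroot(raw_path):
    """True if the path has more '..' steps than real directories, i.e. it would climb above DocumentRoot."""
    depth = 0
    for seg in decode_path(raw_path).replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def triage(log_lines):
    """Return (ip, decoded path, status, verdict) for every request that escapes DocumentRoot."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not escapes_docroot(m["path"]):
            continue
        status, size = int(m["status"]), m["size"]
        if status == 200 and size not in ("-", "0"):
            verdict = "VERIFY"        # 200 with a body: confirm what was actually served
        elif status == 200:
            verdict = "EMPTY-200"     # 200 but no body: likely rewritten or handled by an app
        else:
            verdict = "BLOCKED"
        findings.append((m["ip"], decode_path(m["path"]), status, verdict))
    return findings

def looks_like_passwd(body):
    """Heuristic for a leaked passwd file: a 'root' entry with uid and gid 0."""
    return re.search(r"^root:[^:\n]*:0:0:", body, re.M) is not None
```

A "VERIFY" finding is the case from the thread: a 200 on its own proves nothing until the body is inspected, since a 200 with an HTML error page or a rewritten path is a blocked probe, not a leak.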