[nycphp-talk] Need some understanding about a hacker attack...
David Krings
ramons at gmx.net
Sat Oct 11 09:42:46 EDT 2008
mikesz at qualityadvantages.com wrote:
> I checked my test system also and when I do a directory the /xml
> folder, it shows me the content of the folder which is yet another
> outcome unexpected.
>
There is a setting in the Apache config that prevents the listing of
directories. In a production system that should be always turned off.
Also, IIRC you can specify the name of the access file in the config as well,
so it may not always be .htaccess, but I cannot think of any plausible reason
to change that. But that may be worthwhile to check out.
Oh, and at your earliest convenience change the hosting company. If they
cannot tell you how such a takeover happened then I wonder what they charge
you money for. Anyone with a PC can do that type of hosting...
David
More information about the talk
mailing list