[nycphp-talk] Need some understanding about a hacker attack...

mikesz at qualityadvantages.com mikesz at qualityadvantages.com
Sat Oct 11 09:55:34 EDT 2008


Hello David,

Saturday, October 11, 2008, 9:42:46 PM, you wrote:

> mikesz at qualityadvantages.com wrote:
>> I checked my test system also and when I do a directory of the /xml
>> folder, it shows me the content of the folder which is yet another
>> outcome unexpected.
>> 

> There is a setting in the Apache config that prevents the listing of 
> directories. In a production system that should be always turned off.
> Also, IIRC you can specify the name of the access file in the config as well,
> so it may not always be .htaccess, but I cannot think of any plausible reason
> to change that. But that may be worthwhile to check out.

> Oh, and at your earliest convenience change the hosting company. If they
> cannot tell you how such a takeover happened then I wonder what they charge
> you money for. Anyone with a PC can do that type of hosting...


> David


HA! My thoughts exactly. I was blown away when they suggested my
scripts without ever checking their log files... Unbelievable! I
thought it was a no-brainer to track such a blatant intrusion
especially when the time frame of when the breach occurred is known
almost to the second.

-- 
Best regards,
 mikesz                            mailto:mikesz at qualityadvantages.com
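
Added example, not part of the original thread: one way to narrow an Apache combined-format access log to the requests around a known breach time, which is the log check the message above expected from the host. The log lines, addresses, paths and breach timestamp below are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample lines (documentation-range addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2008:03:10:02 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2008:03:13:41 -0400] "GET /xml/ HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2008:03:14:05 -0400] "POST /form.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Oct/2008:03:20:30 -0400] "GET /about.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
# Constructed breach time, e.g. the modification time of the defaced file.
BREACH = datetime.strptime("10/Oct/2008:03:14:07 -0400", TS_FORMAT)


def requests_near(lines, breach_time, window_seconds=60):
    """Return parsed entries logged within window_seconds of breach_time."""
    window = timedelta(seconds=window_seconds)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        if abs(ts - breach_time) <= window:
            hits.append({"host": m.group("host"), "time": ts,
                         "method": m.group("method"), "path": m.group("path"),
                         "status": int(m.group("status"))})
    return hits


def successful_writes(entries):
    """Of those entries, keep state-changing requests the server accepted."""
    return [e for e in entries
            if e["method"] in ("POST", "PUT") and e["status"] < 400]


if __name__ == "__main__":
    for e in requests_near(SAMPLE_LOG, BREACH):
        print(e["time"], e["host"], e["method"], e["path"], e["status"])
```

If the access log shows nothing in the window, the change did not come through the web server, and the FTP, SSH and control-panel logs for the same window are the next place to look.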
