FreeLists / dokuwiki / [dokuwiki] Re: Strange attack on the wiki

[dokuwiki] || [Date Prev] [09-2006 Date Index] [Date Next] || [Thread Prev] [09-2006 Thread Index] [Thread Next]

[dokuwiki] Re: Strange attack on the wiki

From: "Oliver Schulze L." <oliver@xxxxxxxxxxxxx>
To: dokuwiki@xxxxxxxxxxxxx
Date: Fri, 08 Sep 2006 01:51:46 -0400

Hi Terrence, yes, is the same as using a .htaccess, the difference is that having many .htaccess files makes your apache server a little litle more slow.

Just write this in bin/.htaccess
Order deny,allow
Deny from all

BTW, I just tested the exploit and it does not work when having the
safe_mode and open_basedir options enabled in php.

HTH
Oliver

Terence J. Grant wrote:

Also, I noticed this comment in Oliver's quote of the exploit:
(but you could do the same uploading some file in /data/media folder through /lib/exe/media.php..., I choosed the first solution)
Would there be a similar .htaccess for this? (In other words, where
would it be put?)


--
Oliver Schulze L.
Get my e-mail after a captcha test in: http://tinymailto.com/oliver

--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

References:
- [dokuwiki] Strange attack on the wiki
  - From: Oliver Schulze L.
- [dokuwiki] Re: Strange attack on the wiki
  - From: Burton Rosenberg
- [dokuwiki] Re: Strange attack on the wiki
  - From: Julian Monteiro
- [dokuwiki] Re: Strange attack on the wiki
  - From: Oliver Schulze L.
- [dokuwiki] Re: Strange attack on the wiki
  - From: Terence J. Grant