WebApp Sec mailing list archives
htaccess with apache
From: Hans Mueller <mr_chief () gmx de>
Date: 4 Nov 2003 10:43:41 -0000
Hi list I've got a little question. I've got a mail from someone that my Webserver (Apache 1.3.20)is not secure. In the Mail he attached the files .htaccess und passwd which are really from my Web-Server. I've got some simple cgi-Scripts on my server and he said he used one of them (XXXXXX.ziel.cgi?template=maske1.html.....) to get the files. I thought a Directory secured with mod_access cannot be read/accessed without the proper password. Unfortunately the guy is not answering to my eMails and I want to secure my Webserver. Even if he just read the Files (Tripwire didn't show any changes), and didn't wrote something to the server. How is it possible to read the files secured with mod_access with a cgi script? Thanks to all an sorry for my funny English Hans
Current thread:
- htaccess with apache Hans Mueller (Nov 04)
- Re: htaccess with apache David Precious (Nov 04)
- Re: htaccess with apache Graham Lally (Nov 04)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache A.D.Douma (Nov 04)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache Sverre H. Huseby (Nov 04)
- Re: htaccess with apache Tim Tompkins (Nov 04)
- Re: htaccess with apache Lucas Holt (Nov 04)
- Re: htaccess with apache A.D.Douma (Nov 05)
- Re: htaccess with apache Tim Greer (Nov 04)
- Re: htaccess with apache Graham Lally (Nov 04)