You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 

Author: Zhen-XjellPostPosted: Fri Apr 08, 2005 2:53 pm    Post subject:

No one else has access to your server? Can you find that "testme" application?

Author: LadyCherryPostPosted: Sun Apr 10, 2005 8:01 am    Post subject: Re: Securing a Read, Write, Execute Directory?

Yes but I removed it right away.

Kicking myself now about it though.

If the directory is read write for the world anyone can add a file to the directory and execute it though right?

-Lady Cherry

Author: Zhen-XjellPostPosted: Sun Apr 10, 2005 10:32 am    Post subject:

From a local user yes. So that means someone can exploit a service on your system to write something to your FS. But at this point it doesn't appear you have much data to audit?



Nuke Cops -> Nuke Security

All times are GMT - 8 Hours

Page 1 of 1

Powered by phpBB © 2001,2002 phpBB Group
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 183 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Securing a Read, Write, Execute Directory? Securing a Read, Write, Execute Directory?

Nuke Cops -> Nuke Security

Author: LadyCherry PostPosted: Wed Apr 06, 2005 4:48 am    Post subject: Securing a Read, Write, Execute Directory?

Hey All,

I am using an attachment mod for my forums so that people can upload and display their art and other things in the forums.

Yesterday I found that a script was running on the server called testme. It was running with apache. Someone had found the world writable directory and was executing a script from it!

This is a major problem. I need the attachment mod for the functionallity of my site. How can I secure a world writable directory from this happening again?

I own and run the server.

Anyone have any ideas?

Thanks for your time,
-Lady Cherry
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.080 Seconds - 138 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
added by Evaders - DO NOT REMOVE
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::