[mod-security-users] writing of php file to webserver owned directory -- can mod-security prevent t
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] writing of php file to webserver owned directory -- can mod-security prevent this?
|
From: John c. <co...@cc...> - 2007-12-02 16:01:04
|
Hi. I had an attack this morning where someone was able to execute
lwp-download for a text file and then rename it to a php file and then
he had some fun. The php file was called a.php and all the comments
are in a different character set, maybe Eastern European.
I have client-ip followed by the download command and in the next
request by the mv command. These were in the audit.log part B of each request.
Can mod-security prevent such a thing?
Any assistance would be appreciated.
--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?
John Covici
co...@cc...
|