httpd.conf file?
04-08-2002, 01:25 AM
Post: #11
Hacking 101
What's the actual line added to your .htaccess files? What magical code have you found that can stop this?

If I'm not mistaken, Apache is reconfigured every 15 minutes on most DreamHost servers. But if it needs a total restart (very unlikely from a configuration in .htaccess) then you'll have to contact support.

Wil
--
Web Developer
http://www.fbagroup.co.uk/
04-08-2002, 01:48 AM
Post: #12
Hacking 101
Changing stuff in an .htaccess file doesn't require a server reload.

I noticed that we're not currently preventing authenticated users from downloading / viewing the .htpasswd files, so it's possible for an authenticated user to view the .htpasswd file if the file isn't below the web root. For domains with password protection added from our web panel, this is the default.

We're most likely going to add something like the following to the .htaccess file or to the Apache configuration on the server:
<FilesMatch "^\.ht">
deny from all
</FilesMatch>
(I think there might be an Apache directive specific to preventing this type of thing as well - perhaps the directive that disallows viewing of dot-files).

Generating .htaccess files from the command line using the directions in kbase will not have this problem, since our instructions suggest putting the htpasswd file below the web root.

While the passwords are encrypted, they're encrypted using 'crypt', and so passwords are not that hard to crack, especially weak passwords.
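An added example, not part of the original posts or of DreamHost's tooling: a Python audit a site owner could run over a document root to find the two conditions post #12 describes, an AuthUserFile that resolves inside the web root and entries hashed with traditional crypt. The names `audit`, `hash_scheme` and `make_sample`, and the sample tree and hash strings, are constructed for illustration; only absolute AuthUserFile paths are handled.

```python
import os
import re

AUTH_RE = re.compile(r'^\s*AuthUserFile\s+"?([^"\s]+)"?', re.I | re.M)

def hash_scheme(field):
    """Classify an .htpasswd hash field by its well-known prefix or shape."""
    if field.startswith("$apr1$"):
        return "apr1-md5"
    if field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "des-crypt"  # traditional crypt(3): 2-char salt + 11-char hash
    return "unknown"

def audit(docroot):
    """Return sorted (kind, htaccess_path, detail) findings for one docroot."""
    docroot = os.path.realpath(docroot)
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" not in files:
            continue
        htaccess = os.path.join(dirpath, ".htaccess")
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            targets = AUTH_RE.findall(fh.read())
        for target in targets:
            if not os.path.isabs(target):
                continue  # relative paths resolve against ServerRoot; skipped
            pwfile = os.path.realpath(target)
            if os.path.commonpath([docroot, pwfile]) == docroot:
                findings.append(("password-file-in-docroot", htaccess, pwfile))
            if os.path.isfile(pwfile):
                with open(pwfile, encoding="utf-8", errors="replace") as fh:
                    for line in fh:
                        user, sep, field = line.strip().partition(":")
                        if sep and hash_scheme(field) == "des-crypt":
                            findings.append(("des-crypt-hash", htaccess, user))
    return sorted(findings)

def make_sample(root):
    """Constructed sample tree; the hash strings are placeholders, not real."""
    site = os.path.join(root, "site", "private")
    os.makedirs(site)
    pw = os.path.join(site, ".htpasswd")
    with open(pw, "w") as fh:
        fh.write("alice:ab0123456789.\nbob:$apr1$salt$constructedvalue\n")
    with open(os.path.join(site, ".htaccess"), "w") as fh:
        fh.write(f'AuthType Basic\nAuthUserFile "{pw}"\nRequire valid-user\n')
    return os.path.join(root, "site")
```

Run `audit()` against each domain's document root; a "password-file-in-docroot" finding means the file should be moved outside the served tree or covered by a FilesMatch rule like the one in the post.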
04-08-2002, 03:16 AM
Post: #13
Hacking 101
Wil, you can sign up for your own free account at http://www.pennywize.com. They'll give you the instructions for getting it set up that way. My trying to explain what I hardly understand probably won't work all that well! ;)

Basically, it was a two-part setup. Stuff in the cgi-bin and then the lines added to the .htaccess file.

*hugs*
Amber