Archive of:
CF-Talk
Cold Fusion - Technical
Subject: RE: The +.htr bug strikes again
Brendan Avery (25p/+2r)     Posted: Thursday 11 Jan 2001
This post: 93 views, +0 rating

we got hit with an /iisadmpwd/*.htr bug hack a couple of days ago on a low-security machine.

"prime suspectz ownz you" hack page.

but i got their ADSL ip number after emailing them with a web bug.

eeediots.

--brendan avery / ba@brendanavery.com

At 03:14 PM 1/11/2001 -0500, you wrote:
>How does one test to see if the problem has been fixed?
>
>Won
>
>-----Original Message-----
>From: Zachary Bedell [mailto:Aramis@adirondack.net]
>Sent: Thursday, December 21, 2000 10:47 PM
>To: CF-Talk
>Subject: RE: The +.htr bug strikes again
>
>
> > Someone should probably make an official "checklist"
> > to run through when you set up a CF server.
>
>How about these additions to said checklist:
>
>In addition to removing the .htr mapping, also remove the mappings for any
>other extensions that you won't be using on that server.
>
>Like:
>htw -- unless you're using the WebHits highlighter
>ida, idq, htr, idc -- unless you're using old-style Index Server access
>asp, cer, cdx, asa -- unless you're also hosting ASP apps on that server
>shtm, shtml, stm -- unless you're using Server Side Include files
>printer -- WTF is this and why did IIS install it for Win2k?
>
>You could probably also yank the dbm extension unless you have REALLY old CF
>code lying around.
>
>Basically your goal is to DISABLE any functionality of your server that
>you're not currently using. The less junk you have running on the server,
>the less chance someone will find a bug in part of the server you didn't
>even know was there.
>
>Granted, there's a fine and arcane art to disabling just the right things
>without breaking any part of your server. You'd be best to play on a
>production server that you can afford to trash & reinstall a few times if
>need be. Certainly, though, deleting extensions for file types not used in
>your sites (or your customer's sites for webhosts) is completely safe and a
>good idea in general.
>
>Best regards,
>Zac Bedell
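The checklist quoted above, turned into a check an administrator can run against the server's application mappings. This is an added example, not code from the thread or from IIS: it assumes ScriptMaps entries in the "ext,handler-path,flags,verb,verb,..." layout of the IIS 4/5 metabase property (as returned by adsutil.vbs), and the sample entries and handler paths are constructed for illustration.

```python
# Added example (not from the original thread): audit IIS 4/5 application
# mappings against the checklist in Zac Bedell's reply and build the pruned
# ScriptMaps list an admin would review before writing it back.
# Assumption: entries use the "ext,handler-path,flags,verb,verb,..." layout
# of the IIS 4/5 metabase ScriptMaps property; the sample entries below are
# constructed and their handler paths are illustrative.

# Extension -> feature it belongs to, per the checklist in the thread.
CHECKLIST = {
    ".htr": "web-based password change (iisadmpwd)",
    ".htw": "WebHits highlighter",
    ".ida": "old-style Index Server", ".idq": "old-style Index Server",
    ".idc": "old-style Index Server",
    ".asp": "ASP hosting", ".cer": "ASP hosting", ".cdx": "ASP hosting",
    ".asa": "ASP hosting",
    ".shtm": "server-side includes", ".shtml": "server-side includes",
    ".stm": "server-side includes",
    ".printer": "Internet Printing",
    ".dbm": "very old ColdFusion code",
}

# Constructed sample of a ScriptMaps list (IIS 5 defaults plus a CF mapping).
SAMPLE_SCRIPTMAPS = [
    r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    r".htr,C:\WINNT\System32\inetsrv\ism.dll,1,GET,POST",
    r".printer,C:\WINNT\System32\msw3prt.dll,1,GET,POST",
    r".shtml,C:\WINNT\System32\inetsrv\ssinc.dll,1,GET,POST",
    r".cfm,C:\CFUSION\BIN\ISCF.DLL,1,GET,POST",
]

def parse_scriptmap(entry):
    """Return (extension, handler path, verb list) for one ScriptMaps entry."""
    parts = entry.split(",")
    if len(parts) < 3:
        raise ValueError("malformed ScriptMaps entry: %r" % entry)
    return parts[0].lower(), parts[1], [v.upper() for v in parts[3:]]

def audit_scriptmaps(entries, features_in_use=()):
    """List (ext, feature) for mappings the checklist says to remove.
    features_in_use names the checklist features this server really needs."""
    findings = []
    for entry in entries:
        ext, _handler, _verbs = parse_scriptmap(entry)
        feature = CHECKLIST.get(ext)
        if feature and feature not in features_in_use:
            findings.append((ext, feature))
    return findings

def prune_scriptmaps(entries, features_in_use=()):
    """Return the ScriptMaps list with every flagged mapping removed."""
    flagged = {ext for ext, _ in audit_scriptmaps(entries, features_in_use)}
    return [e for e in entries if parse_scriptmap(e)[0] not in flagged]
```

Running `audit_scriptmaps(SAMPLE_SCRIPTMAPS, {"ASP hosting"})` on the sample flags .htr, .printer and .shtml while leaving the ASP and ColdFusion mappings alone.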


TallyList : copyright Ububik - 2000