TallyList : mailing list management, archiving, and analysis

Archive of:
CF-Talk
Cold Fusion - Technical

home
24 hour view
quick stats
weekly updates

all tallylists
corporate solutions
archive your favorite
help / feedback

About Cold Fusion :
product's home
product's list home

Archived TallyList / CF-Talk:
Subject: Re: The +.htr bug strikes again

Brendan Avery (25p/+2r) Posted: Thursday 11 Jan 2001
This post: 97 views, +0 rating

Um no you can't.

The buffer underrun abends the logging process.

-b][a-

At 04:16 PM 1/11/2001 -0500, you wrote: >You coulda just checked your logs and found their IP address that way too. > >--=@ greg @=-- >----- Original Message ----- >From: "Brendan Avery" <ba@brendanavery.com> >To: "CF-Talk" <cf-talk@houseoffusion.com> >Sent: Thursday, January 11, 2001 3:33 PM >Subject: RE: The +.htr bug strikes again > > > > we got hit with an /iisadmpwd/*.htr bug hack a couple of days ago on a > > low-security machine. > > > > "prime suspectz ownz you" hack page. > > > > but i got their ADSL ip number after emailing them with a web bug. > > > > eeediots. > > > > --brendan avery / ba@brendanavery.com > > > > At 03:14 PM 1/11/2001 -0500, you wrote: > > >How does one test to see if the problem has be fixed? > > > > > >Won > > > > > >-----Original Message----- > > >From: Zachary Bedell [mailto:Aramis@adirondack.net] > > >Sent: Thursday, December 21, 2000 10:47 PM > > >To: CF-Talk > > >Subject: RE: The +.htr bug strikes again > > > > > > Someone should probably make an official "checklist" to run through when you setup a CF server. > > > > > >How about these additions to said checklist: > > > > > >In addition to removing the .htr mapping, also remove the mappings for >any > > >other extensions that you won't be using on that server. > > > > > >Like: > > >htw -- unless you're using the WebHits highligher > > >ida, idq, htr, idc -- unless you're using old-style Index Server access > > >asp, cer, cdx, asa -- unless you're also hosting ASP apps on that server > > >shtm, shtml, stm -- unless you're using Server Side Include files > > >printer -- WTF is this and why did IIS install it for Win2k? > > > > > >You could probably also yank the dbm extension unless you have REALLY old >CF > > >code lying around. > > > > > >Basically your goal is to DISABLE any functionality of your server that > > >you're not currently using. The less junk you have running on the >server, > > >the less chance someone will find a bug in part of the server you didn't > > >even know was there. > > > > > >Granted, there's a fine and arcane art to disabling just the right things > > >without breaking any part of your server. You'd be best to play on a > > >production server that you can afford to trash & reinstall a few times if > > >need be. Certainly, though, deleting extensions for file types not used >in > > >your sites (or your customer's sites for webhosts) is completely safe and >a > > >good idea in general. > > > > > >Best regards, > > >Zac Bedell > > > > > >

Similar Subject Line Posts (+/- two weeks of this post)

RE: The +.htr bug strikes again	11 Jan 2001	(109 v/ +0 r)
Re: The +.htr bug strikes again	11 Jan 2001	(287 v/ +2 r)
RE: The +.htr bug strikes again	11 Jan 2001	(91 v/ +0 r)
Re: The +.htr bug strikes again	11 Jan 2001	(99 v/ +0 r)
Re: The +.htr bug strikes again	11 Jan 2001	(105 v/ +0 r)
Re: The +.htr bug strikes again	11 Jan 2001 (this post)	(97 v/ +0 r)
RE: The +.htr bug strikes again	11 Jan 2001	(110 v/ +0 r)
RE: The +.htr bug strikes again	11 Jan 2001	(96 v/ +0 r)
RE: The +.htr bug strikes again	11 Jan 2001	(94 v/ +0 r)
RE: The +.htr bug strikes again	11 Jan 2001	(92 v/ +0 r)
Re: The +.htr bug strikes again	11 Jan 2001	(91 v/ +0 r)
Re: The +.htr bug strikes again	11 Jan 2001	(108 v/ +0 r)
Re: The +.htr bug strikes again	11 Jan 2001	(99 v/ +0 r)

Send a reply to the CF-Talk list!
	NOTE: Many lists will reject your post unless you have already registered with them. Also - don't forget the right account to send from (for those with multiple emails!)