Web directories attacked with bad .htaccess
Hello,
In an up-to-date Debian Sarge box yesterday I found a lot of bad
.htaccess looking like this:
Options -MultiViews
ErrorDocument 404 //foldername/time.php
I found that many of them where located in 777 directories like the
smarty templates_c. Not all of them though. It has been a system wide
problem because it has affected to lots of folders of different users.
This was producing an apache Internal Sever Error in every directory
they were located because of an "Options not allowed here"
As a measure I changed 777 to www-data owner + 755:
find . -perm 777 -exec chmod 755 {} \; -exec chown www-data {} \;
Where . was DocumentRoot
It won't hurt but I doubt it will solve the vulnerability
Any suggestions or similar experiences?
Thanks in advance.
Ramon
Reply to: