Email address obfuscation in effect -- please
click here to turn it off.
[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
On Thu, 20 Mar 2008, Pottinger, Hardy J. wrote:
What does it mean to "set up a public_html folder"?
Sorry, forgot to connect a dot: if the brute force attack succeeds (due
to a weak password or a lucky script-kiddie), then the attacking script
can attempt to create a public_html folder. (note, we're talking FTP or
SSH brute force attack here) If that succeeds, the script can install a
package of scripts (php, perl cgi, etc.), rootkits, the usual, that can
facilitate further experimentation. Even if you're locked down pretty
well (you're patched, rootkit fails) they have a backdoor to your
system, and can continue to look for weaknesses in your Apache setup.
OK. I get it now. It's like I was saying about the password attack with
known username but now you're adding the bit about installing scripts to
attack the web server.
I don't call mine "public_html" but they might be able to guess the name
that I use!
Mike
_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members
Home | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact