| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.GSO.4.58.0504281500300.27746@kungfunix.net>
Date: Thu, 28 Apr 2005 15:06:53 -0400 (EDT)
From: Jesus <root@...urrected.us>
To: security curmudgeon <jericho@...rition.org>
Cc: piker piker <piker_666@...mail.com>, bugtraq@...urityfocus.com
Subject: Re: Vulnerability kali's tagboard
On Thu, 28 Apr 2005, security curmudgeon wrote:
> ******************************************
> * Example .htaccess File
> ******************************************
> AuthUserFile /home/username/public_html/tagboard/admin/.htpasswd
> AuthGroupFile /dev/null
> AuthName "Tagboard Admin Area"
> AuthType Basic
>
> <Limit GET POST>
> require valid-user
> </Limit>
Mod security alleviates most of this
SecFilterSelective THE_REQUEST "\&cmd" "redirect:http://www.gaytardedhax0rs.net"
As do normal apache settings
<Location /admin/>
#
Order deny,allow
Allow from YOUR_ADDRESS_GOES_HERE
Deny from all
ErrorDocument 403 http://www.gaytardedhax0rs.net
</Location>
Problem with an htaccess file is creating the users, then making sure no
kiddiot is using some password dumping script or program. IP based would
work better since I can't think of some silly scriptkiddiot injecting info
on the network level to pwn some site using any one of these injection
based tools.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
"The most tyrannical of governments are those which make
crimes of opinions, for everyone has an inalienable
right to his thoughts." -- Benedict Spinoza
//sil
http://www.kungfunix.net http://www.politrix.org
http://www.infiltrated.net http://bush.shafted.us
Powered by blists - more mailing lists