On Fri, 05 Mar 2004 07:08:36 -0600, Pastor Doug Coats <dcoats at heritagemail.org> wrote:

> The answer is.....
>
> Me!
>
> I programmed our web page with a vital error. I passed a variable that
> contained the name of a file to be opened in such a way that it could be
> changed. So the hacker simply changed it to whatever file they wanted to
> see and presto - I handed them my box.

I'd be interested in "before and after" code... if you're willing to
share... we all may be able to learn from this...!

> Good news - We find no evidence that they have capitalized on this
> information yet.
>
> Bad news - I have to change everyone's passwords immediately.
>
> I fixed (with the help of a friend) the website by checking the variable
> for a "/". If it contains that, it simply kills the script. So now they are
> locked into that directory.
>
> I will probably change it more so that the variable doesn't match the
> exact file it is opening, but I think the passwords come first.
>
> Thank you to everyone that helped out. I finally tracked what the
> cracker was attempting to do in the httpd error logs and then duplicated
> their efforts to my horror.
>
> Live and learn.
>
> Doug

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
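Since the thread asks for "before and after" code, here is an added illustration (not Doug's script, which is not shown in the thread) of the file-name-in-a-variable bug next to a hardened version: the "/" check from the post is widened to a positive file-name pattern, the resolved path is confirmed to sit under the document root, and the follow-up idea of not letting the variable name the file directly is shown as a lookup table. DOC_ROOT, OUTSIDE_FILE and the page names are constructed for the demo.

```python
import os
import re
import tempfile

# Constructed fixture (not from the original post): DOC_ROOT holds the files the
# page may serve; OUTSIDE_FILE is a sibling directory's file it must never reach.
DOC_ROOT = os.path.realpath(tempfile.mkdtemp())
OUTSIDE_FILE = os.path.join(os.path.realpath(tempfile.mkdtemp()), "secret.txt")
with open(os.path.join(DOC_ROOT, "home.html"), "w") as f:
    f.write("welcome")
with open(OUTSIDE_FILE, "w") as f:
    f.write("not for the web")
# A relative name that walks from DOC_ROOT to OUTSIDE_FILE, e.g. '../tmpXYZ/secret.txt'
ESCAPING_NAME = os.path.relpath(OUTSIDE_FILE, DOC_ROOT)

class RejectedName(ValueError):
    pass

def read_unsafe(name):
    """The flawed pattern from the post: the request value becomes the path
    with no validation, so a name containing '../' (or an absolute path,
    which os.path.join simply adopts) leaves DOC_ROOT."""
    with open(os.path.join(DOC_ROOT, name)) as f:
        return f.read()

# Layer 1: allow only a bare file name. Rejecting '/' alone leaves other
# separators and dot-names to the OS; a positive pattern leaves nothing open.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?")

def read_safe(name):
    """Hardened version: validate the name, then check the resolved path
    (catches symlinks and anything the pattern did not anticipate)."""
    if not SAFE_NAME.fullmatch(name):
        raise RejectedName(f"rejected name {name!r}")
    full = os.path.realpath(os.path.join(DOC_ROOT, name))
    if os.path.commonpath([DOC_ROOT, full]) != DOC_ROOT:
        raise RejectedName(f"path escapes document root: {name!r}")
    with open(full) as f:
        return f.read()

# Layer 2, the post's follow-up idea: the request value is a key into a
# server-side table, so the client never names a file at all.
PAGES = {"home": "home.html"}

def read_by_key(key):
    if key not in PAGES:
        raise RejectedName(f"unknown page key {key!r}")
    return read_safe(PAGES[key])

def rejected(reader, value):
    """True when reader refuses value; used to exercise the checks."""
    try:
        reader(value)
        return False
    except RejectedName:
        return True
```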