Re: How to filter .htaccess uploading?

["security.xentek" <eric () xentek net>]

You could try creating blank .htaccess files and making them immutable:

# touch .htaccess
# chattr +i .htaccess

That way they can't be changed or overwritten, even by root.



+       eric m.
+       http://xentek.net
+ + + + + + + + + + + + + +


"Security is mostly a superstition. It does not exist in nature, nor  
do the children of men as a whole experience it. Avoiding danger is  
no safer in the long run than outright exposure. Life is either a  
daring adventure or nothing." - Helen Keller


On Aug 10, 2007, at 12:59 AM, Monty Ree wrote:

> Hello,list.
>
> I heard that some attackers upload malicious .htaccess file using  
> upload program.
> So I would like to filter ".htaccess" uploading at apache, is there  
> any method?
> I know that modsecurity will solve this problem.. but I can't use  
> modsecurity yet for some reason.
>
>
> Thanks in advance.
>
> _________________________________________________________________
> MSN Messenger를 통해 온라인상에 있는 친구와 대화를 나누세요.    
> http://www.msn.co.kr/messenger