Security Incidents mailing list archives

Re: Front Page Extensions


From: m_a_n_i_a_c_ () HOTMAIL COM (Maniac .)
Date: Tue, 28 Mar 2000 19:24:02 GMT


The biggest issue around FP Extensions is the assignment of permissions on
the specific DLLs that are installed.  But, if the logs were nailed, are you
sure it was an FP-only exploit?  Could the attacker have used the RDS exploit
to gain a command prompt and nail the logs?

As far as Apache goes, an incorrectly configured Apache is just as insecure as
an incorrectly configured IIS box.  How can putting Apache in increase your
security?  Unless you are not proficient with IIS and NT security.

Hi,

Something strange has happened. One of my clients has a WinNT
machine with cluster, and has Front Page Ext. to publish his
page. Some time ago he was hacked, and logs were corrupted. Does
anyone know of any vuln in Front Page that allows a selective
cleaning of the logs? The only evident exposures were that
apparently nothing else was modified. I'd just like to say that
the securing of this site isn't my responsibility, or else I
would put Apache in there. But...... :(


Vitor Ventura

-==-Man!ac-==-
"I don't intend to offend, I offend with my intent"
