AskApache » Search Results » opaque

Password Protection Plugin Status

AskApache — Sun, 01 Mar 2009 18:39:57 +0000

Enumerating Permissions can be Annoying

Don’t ask me how because I won’t tell you, but on one of the hosts I was testing on that did not allow direct access I was able to get the Apache server running as dhapache to erroneously write a file into my users blog directory. This is a big security no-no and I now have my .htaccess file written into the blog directory where it should go, but instead of my php script’s user having write access to the file so I can modify it, its owned by dhapache! Because the file is owned by dhapache I shouldn’t even be allowed to know it exists, but there it is. So the next step was to try and take ownership of the .htaccess file so that I could modify it. I tried and tried but was unsuccessful, I couldn’t modify it so that was another dead end. Actually it took me awhile to figure out how to remove the file from my directory. Being that it was owned by dhapache I couldn’t delete or modify it using my php process or even through ftp/ssh! Sysadmins regularly run find commands that search the servers for any files owned by dhapache that should not be there as this is a big red flag that someone has found a way to manipulate dhapache which could potentially lead to modifying dhapache-owned server config files, which sometimes is all it takes to hack your website and server.. Luckily I was able to delete it by basically running the hack again to overwrite the file.

The post Password Protection Plugin Status appeared first on AskApache.

Apache Directives and Modules on DreamHost

AskApache — Fri, 23 Nov 2007 12:23:09 +0000

Apache .htaccess Directives and Loaded Modules allowed on DreamHost Apache Server 2 Setups.

The post Apache Directives and Modules on DreamHost appeared first on AskApache.

Getting flash to show up in front of content

AskApache — Sun, 07 Oct 2007 16:20:29 +0000

I used to have a problem of controlling flash elements on my sites.. On one site we have 6 different flash flv movies that are all the same size and are in the same position on the page. But only 1 is displayed at a time based on what the user wants to watch. So the selected flash movie needs to have the highest stacking order/zIndex.

The post Getting flash to show up in front of content appeared first on AskApache.

.htpasswd file Generator

AskApache — Wed, 03 Oct 2007 21:25:14 +0000

The post .htpasswd file Generator appeared first on AskApache.

Speed Up Sites with htaccess Caching

AskApache — Tue, 05 Dec 2006 06:50:16 +0000

2 awesome ways to implement caching on your website using Apache .htaccess or httpd.conf. Both methods are extremely simple to set up and will dramatically speed up your site!

The post Speed Up Sites with htaccess Caching appeared first on AskApache.