Hi,Recently one of my site got hacked and they uploaded lots of crap to it that let them browse through the entire server with a php-script that let them do all sorts of things.
I'm not an expert on Apache so thats why I'm asking you for help.I want to know if/how I can let a certain vhost only to browse the content of their folder.
So for example I have this vhost: <VirtualHost *:80> DocumentRoot /var/www/test ServerName www.test.com ServerAlias test.com TransferLog /var/log/apache2/test.log </VirtualHost>Right now they can make a file-browser in PHP and go to /var/www/othersite, browse /etc and by the looks of it the entire server..
How do I "block" them from browsing the parent directories of there DocumentRoot?
Thanks, -Patric --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|