Date: Thu, 25 Nov 1999 20:05:02 -0700 From: "J.C. Frazier" <wolfman@csocs.com> To: freebsd-isp@freebsd.org Subject: Problems with apache, frontpage, and vhosts Message-ID: <383DF8DD.C22B381C@csocs.com>
next in thread | raw e-mail | index | archive | help
I am running FreeBSD 3.3-stable, apache+php+mod_ssl-1.3.9+3.0.12+2.4.8, and frontpage extensions version 4.0 (not the module). It was set up exactly as specified at www.freebsdzine.org in their FP article, if you'd like full details on the setup. Two days ago this system was broken into. Someone got in through frontpage and changed the account password. After a lot of investigating and testing I found that my vhosts listed in apache.conf aren't abiding by the default settings for <Directory>'s in the file. Hence no overrides and my .htaccess files are being ignored, leaving me wide open. I am running a mixed named/ip based vhost system (8 named based hosts on one IP and 2 named based hosts on another IP). Because my .htaccess files aren't being read, the FP extensions aren't working correctly either. When a customer tries to GET, POST, etc...it won't accept any passwords. My log files give no clues to what is wrong other then a password mismatch on those functions, even though the passwords have been checked and rechecked and are correct. So for now I have uninstalled the frontpage extensions all together temporarily because of the security implecations until I can find out how to solve these problems. I've searched the mailing lists and read the apache documentation site and can't find any other instance of this type of incident happening or any corrective actions. I've tried a few different versions of apache including 1.3.3 and 1.3.6-php, both with the same results. frontpage extensions version 3.0 also gave the same results. Any help or advice would be greatly appreciated. Thank you for your time. J.C. Frazier To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?383DF8DD.C22B381C>