From owner-freebsd-isp Thu Nov 25 19: 2:36 1999 Delivered-To: freebsd-isp@freebsd.org Received: from blackbird.lonetree.com (blackbird.lonetree.com [207.141.55.3]) by hub.freebsd.org (Postfix) with ESMTP id E4F6114E33 for ; Thu, 25 Nov 1999 19:02:34 -0800 (PST) (envelope-from wolfman@csocs.com) Received: from csocs.com [209.64.46.23] by blackbird.lonetree.com with ESMTP (SMTPD32-5.01) id A82DE9030124; Thu, 25 Nov 1999 20:02:05 mdt Message-ID: <383DF8DD.C22B381C@csocs.com> Date: Thu, 25 Nov 1999 20:05:02 -0700 From: "J.C. Frazier" X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.3-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: Problems with apache, frontpage, and vhosts Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I am running FreeBSD 3.3-stable, apache+php+mod_ssl-1.3.9+3.0.12+2.4.8, and frontpage extensions version 4.0 (not the module). It was set up exactly as specified at www.freebsdzine.org in their FP article, if you'd like full details on the setup. Two days ago this system was broken into. Someone got in through frontpage and changed the account password. After a lot of investigating and testing I found that my vhosts listed in apache.conf aren't abiding by the default settings for 's in the file. Hence no overrides and my .htaccess files are being ignored, leaving me wide open. I am running a mixed named/ip based vhost system (8 named based hosts on one IP and 2 named based hosts on another IP). Because my .htaccess files aren't being read, the FP extensions aren't working correctly either. When a customer tries to GET, POST, etc...it won't accept any passwords. My log files give no clues to what is wrong other then a password mismatch on those functions, even though the passwords have been checked and rechecked and are correct. So for now I have uninstalled the frontpage extensions all together temporarily because of the security implecations until I can find out how to solve these problems. I've searched the mailing lists and read the apache documentation site and can't find any other instance of this type of incident happening or any corrective actions. I've tried a few different versions of apache including 1.3.3 and 1.3.6-php, both with the same results. frontpage extensions version 3.0 also gave the same results. Any help or advice would be greatly appreciated. Thank you for your time. J.C. Frazier To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message