Posted by Rik on 02/23/07 18:02

shimmyshack <matt.farey@gmail.com> wrote:
Rik <luiheidsgoe...@hotmail.com> wrote:
>> Rik <luiheidsgoe...@hotmail.com> wrote:
>> > shimmyshack <matt.fa...@gmail.com> wrote:
>> >> This is the only statement in my httpd.conf:
>>
>> >> AddType application/x-httpd-php .php
>>
>> >> and yet the attack works.
>> >> The server doesnt have to be set up to parse every doc for php, that
>> >> was an assumption.
>> >> Has anyone here tried it on their server?
>>
>> > Attack does not work here on the local server....
>>
>> And the live server is also safe :-)
>
> out of interest what are you running, is php a module, ta.

Homebox:
W2K, Apache 2.2.2, PHP 5.1.4 as a module.

Live server:
FreeBSD 5.3, Apache 2.0.54, PHP 4.4.2 (yes, still, goddamnit) as a module.

But it's all about configuration offcourse :P
--
Rik Wasmus

[Back to original message]