msnyder
02-23-2001, 04:04 PM
We're reasonably certain that someone "hacked into" a password protected directory of ours.[nbsp][nbsp]I say reasonably certain because it's hard to take some script-using wannabe hacker's claims seriously.
What he claimed was that any password protected directory with 755 or equivalent permissions set is an open invitation for people to waltz right in.[nbsp][nbsp]The claim is that the vulnerability has to do with the execute permissions on the directory.
Has anyone heard about this, is there any way to make these areas more secure?[nbsp][nbsp]Incidentally, if you take the execute privs off a directory, it can no longer be accessed at all (so that's not a viable option).
We haven't ruled anything out here, there's a chance that he just learned the password from a legitimate user.[nbsp][nbsp]I couldn't find any reference to this on the forums or FAQ, so I thought I'd toss it out here.[nbsp][nbsp]I noticed one person on this forum mentioned that password protected directories aren't really secure (but he didn't mention why).
What he claimed was that any password protected directory with 755 or equivalent permissions set is an open invitation for people to waltz right in.[nbsp][nbsp]The claim is that the vulnerability has to do with the execute permissions on the directory.
Has anyone heard about this, is there any way to make these areas more secure?[nbsp][nbsp]Incidentally, if you take the execute privs off a directory, it can no longer be accessed at all (so that's not a viable option).
We haven't ruled anything out here, there's a chance that he just learned the password from a legitimate user.[nbsp][nbsp]I couldn't find any reference to this on the forums or FAQ, so I thought I'd toss it out here.[nbsp][nbsp]I noticed one person on this forum mentioned that password protected directories aren't really secure (but he didn't mention why).