homepage Welcome to WebmasterWorld Guest from 54.227.62.141
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
FrontPage files on the Apache server
Using info to hack into site...
grandma genie




msg:4372282
 5:54 pm on Oct 8, 2011 (gmt 0)

If your website resides on an Apache server using Linux, and you find FrontPage files in your site's folder that you didn't put there, would you assume someone other than you has access to the site's files?

I just moved my site to a new host. When I did, my htaccess file changed. The same changed htaccess file is also on the old host's server. I did not change it. It had this in it and only this. All my stuff was gone.:

# -FrontPage-

Options None

<Limit GET POST PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName mywebsite.com
AuthUserFile /home/mysite/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/mysite/public_html/_vti_pvt/service.grp

The two files referenced reveal the correct administrator name and an encrypted password.

I have a developer helping me with the move. The developer does use FrontPage. They claim they did not change the htaccess file. The new site host, who moved my files, claims he did not change the htaccess file. I did not change it.

I have since removed all the FrontPage folders from the new server. But my concern is if the developer didn't do it and if the host didn't do it, and if I didn't do it, then who did?

In the event it was an interloper, what is the best way to be sure my site is secure? They now have the user name and password and could already have created a back door to the new server.

I am assuming FrontPage doesn't and can't change an htaccess file automatically. Someone had to go into the file and edit it.

I have already informed the new host of this. He does not seem to be concerned. Should I be?

--grandma_genie

 

jk3210




msg:4372288
 6:20 pm on Oct 8, 2011 (gmt 0)

Every time you install or reinstall the FP Extensions, it automatically overwrites the htaccess file.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved