写了一htaccess的文件? [英] Write over a htaccess file?
问题描述
这是.htaccess文件上传到通过ftp目录,该文件的所有者和组的话,一般的FTP用户和/或根。
An .htaccess file is uploaded to a directory via ftp, the owner and group of the said file is then generally the ftp user and / or root.
如果该目录已文件的权限设置为0777将它在所有可能的远程脚本写在说.htaccess文件,或者将尽一切努力始终阻止作为所有者的.htaccess文件和组FTP用户(和根),和黑客(具体取决于哪个端口,他们试图进入通)将不会被记录到服务器的FTP用户(希望不是root用户要么)。
If the said directory had file permissions set to 0777 would it at all be possible for a remote script to write over the said .htaccess file, or would every attempt always be blocked as the owner and group of the .htaccess file is the ftp user (and the root), and the hacker (depending on which port they were attempting to enter through) will not be logged into the server as the ftp user (and hopefully not the root user either).
我想问的原因是因为我需要一个目录是权限0777,并感到关切的是,.htaccess文件(其中prevents脚本从该目录中运行),可以简单地覆盖意思是说服务器将vunerable攻击。
The reason I ask is because I have the need for a directory to be permissions 0777 and am concerned that the .htaccess file (which prevents scripts from running in the said directory) could simply be overwritten meaning the said server would be vunerable to attack.
谢谢, 约翰·
推荐答案
你会很容易受到攻击,如果一个剧本有写访问该文件夹不管。这里有一个例子,从一个朋友的服务器上的一个真实的故事:
You're going to be vulnerable to an attack if a script has write access to that folder regardless. Here's an example from a true story on a friend's server:
- TimThumb的老版本允许文件被恶意上传
- 上传的文件是壳牌叙利亚,用于解密用户权限并开始创建新的文件,一个脚本
- 访问给予了入侵者和服务器有效地变成一个主机一个钓鱼网站。
我强烈建议你看看你的结构。将写权限的子目录中。希望这有助于。
I highly recommend you take a look at your structure. Move write access to a subdirectory. Hope this helps.
这篇关于写了一htaccess的文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
