Wednesday, September 26, 2012

Re: spam scripts on vim.org

Excerpts from Bill Hudacek's message of Wed Sep 26 16:15:20 +0200 2012:
> With all due respect, Dr., I'd suggest that at least a check of 'ctimes'
> (to catch replaced files within the DocRoot or config areas of the HTTP
> server) on or (soon) after the placement of the suspect images might be
> warranted.
.htaccess can't be modified by apache (permissions) - however there are
some .php files which are writable by apache eventually.

Of course we could easily write a 5 line php script which outputs all
important (.php and .htaccess files) and their hashes - then changes can
be detected easily by diffing against the last dump.

If you think that we feel more safe having such checks - I'll implement
it - however I'm not going to make the url to that php page public for
obvious reasons.

Marc Weber

--
You received this message from the "vim_use" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

No comments:

Post a Comment