Due to static pages being retrieved by apache user (or nobody, depending on your install) -- it was very hard to protect against.
Some hosts used SymLinksIfOwnerMatch directive instead -- but that din't really work, as race condition (when symlink is made to point to hacker's file, and then to good user's file) makes it very simple to exploit.
As part of latest mod_hostinglimits 0.9 beta, I am happy to announce SecureLinks -- a way to stop such attacks completely.
The way it works, it makes...
Sorted by relevance | Sort by date