[horde] General help viewer exploit
TeChico.net Support
support at techico.net
Thu Apr 27 15:53:19 PDT 2006
Afternoon,
FYI: each and every horde box I have was/is having this issue. I had
to tweak mod_security to stop breakins.
For those of you running mod_security you can use the following
recipes to stop this problem until a fix is released:
SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" chain
SecFilterSelective ARGS "/tmp"
SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" chain
SecFilterSelective ARGS "wget"
Really you only need the wget one but I run the tmp one as a secondary
precaution.
Hope that helps someone,
TeChico.net > Support
Josh Marquis
TeChico.net
530.521.6549
http://techico.net
More information about the horde
mailing list