Done... I added 'AddType' directives for .php and .phtml to make them text/html. Should they be text/plain?
Jason
Jens Frank wrote:
Hello,
the user "Mrzha" uploaded a file named filelist.PHP. This file provides a file system browser to inspect all directories on the web server it is installed to. Can an administrator please delete this file and ensure that no PHP-files are interpreted when stored in /upload/?
This filelist.PHP is not very harmful, but using the same way it might be possible to hijack the entire server. (As done with www.apache.org some years ago, also starting with an upload directory executing PHP to get an "initial contact").
Best regards,
jens
Wikitech-l mailing list Wikitech-l@ross.bomis.com http://ross.bomis.com/mailman/listinfo/wikitech-l