Re: [Jack-Devel] www.jackaudio.org defacement

Prev	Next Index
Date	Fri, 30 Dec 2011 16:35:47 -0500
From	Paul Davis <[hidden] at linuxaudiosystems dot com>
To	John Rigg <[hidden] at jrigg dot co dot uk>
Cc	[hidden] at lists dot jackaudio dot org
In-Reply-To	John Rigg Re: [Jack-Devel] www.jackaudio.org defacement
Follow-Up	Paul Davis Re: [Jack-Devel] www.jackaudio.org defacement

On Fri, Dec 30, 2011 at 4:35 PM, John Rigg <[hidden]> wrote:

> Is it worth substituting plain HTML pages as a temporary workaround?

there is no temporary, because there is no actual fix.

i believe i have removed one of the main secondary vectors - a file
called "ajax.php" that provide pseudo-shell access.

however, this just makes the question: how did ajax.php get into the web tree.

> The HTML generated by PHP (when correct) could be used to save time.

its true that for jackaudio.org, which is fairly static, this is feasible.

i'm experimenting with some other options.

Prev	Next Index

1325280957.24932_0.ltw:2,a <CAFa_cKkYYe=exxy+KaWpMv6peOEtC8-_UX2iFYLDd3UeyXSoHQ at mail dot gmail dot com>