Re: [Jack-Devel] www.jackaudio.org defacement
for now, i've switched the user that the website "runs as", but made a
different user the owner of all the files that comprise the website
itself. in theory this should prevent web-vectored attacks from
modifying any files. dreamhost does things slightly oddly AFAICT: i
think the httpd server itself runs as "nobody" but any CGI scripts are
executed as a specified user.
i also changed all passwords (including database access passwords etc).
we'll see how well this holds up against the pharma crackers.
1325283875.29303_0.ltw:2,a <CAFa_cKmEvN_uBZJCJ0ByzAsBwk-9_e+gof_XkV7YvUJR=eehog at mail dot gmail dot com>