<?xml version="1.0" encoding="UTF-8"?><!-- generator="wordpress/2.0.4" -->
<rss version="2.0" 
	xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
	<title>Comments on: PHPit hacked? Never!</title>
	<link>http://phpit.net/article/hacked/</link>
	<description>PHPit has dozens of PHP articles, codesnippets and FAQ's.</description>
	<pubDate>Mon, 12 Nov 2007 21:26:15 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.0.4</generator>

	<item>
		<title>by: Arnold Daniels</title>
		<link>http://phpit.net/article/hacked/#comment-1138</link>
		<pubDate>Thu, 13 Apr 2006 16:38:49 +0000</pubDate>
		<guid>http://phpit.net/article/hacked/#comment-1138</guid>
					<description>May I point out that this also means that your host has a security leak on your server. You could simply write a PHP file to readout the root password and TAKE OVER THE WORLD!!!... ehhh... I mean take over the server.

You should realy mention to you host that he sould not run apache as root and/or change the privileges on the server so dirs outside the webroot can't be accessed by www-data (the default apache user).

Regards,

Arnold Daniels
http://www.helderhosting.nl</description>
		<content:encoded><![CDATA[<p>May I point out that this also means that your host has a security leak on your server. You could simply write a PHP file to readout the root password and TAKE OVER THE WORLD!!!&#8230; ehhh&#8230; I mean take over the server.</p>
<p>You should realy mention to you host that he sould not run apache as root and/or change the privileges on the server so dirs outside the webroot can&#8217;t be accessed by www-data (the default apache user).</p>
<p>Regards,</p>
<p>Arnold Daniels<br />
<a href='http://www.helderhosting.nl' rel='nofollow'>http://www.helderhosting.nl</a>
</p>
]]></content:encoded>
				</item>
</channel>
</rss>
