Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Subject: Re: wwwboard my help reveal user name and password
From: Shelagh Pepper (spepperWLU.CA)
Date: Fri Jul 07 2000 - 11:23:39 CDT

Work around is to deny access to passwd.txt files
Apache specific directive is:

<Files passwd.txt>
     Order allow,deny
     Deny from all

I would put a .htaccess file in wwwboards similar to the following:

<Files *.txt>
     Order allow,deny
     Deny from all
ErrorDocument 403 /Lame_excuses/not_found.html


At 03:00 AM 7/7/00 -0400, Julian Linton wrote:
>This is probably well know already. if wwwboard.pl is install with most of
>it default settings any web user can access
>this will show the username and encrypted password for the wwwadmin.pl
>script. I did a search on the internet and many of the site that are
>running wwwboard use the same password and username for other service,
>such as ftp or telnet. I feel this can be a problem since the passwd.txt
>file is world readable.
>Julian Linton