Be sure your hosts stay updated to the latest stable version
and build.
Since you use cPanel you should know about "Hot Link
Protection". ? If you enable this, while these
parasites can
still HL to your images, they'll instead get a red
"X" where
your image should be on the webpage. If you enable the HL
Protection, be sure you populate the "URL's to allow
access to"
text box:
http://216.109.125.130
http://64.233.161.104
http://64.233.161.99
http://64.233.179.104
http://64.233.187.104
http://66.218.69.11
http://72.14.203.104
http://72.14.207.104
http://72.14.209.104
http://cc.msnscache.com
http://images.google.*
http://images.search.y
ahoo.com
http://search.msn.com/im
ages
http://www.images.
search.yahoo.com
http://www.search.ms
n.com/images
....so that when someone clicks on your "cached"
link in the SE
results your images will be still be displayed. This allows
the SE's cached servers access to your images on your
webpages.
No doing so would display red X's where all your images on
the
page should be. Those IP addresses above are Google's image
servers, and that * mark is indeed supposed to be there like
that, that's a wildcard for any Google location (.ca, .au,
.de,
.it, etc.). While I have a ton of non .com .org & .net
domain
extensions blocked in my IP Deny area, like loads on APNIC,
LACNIC and RIPE, I certainly do NOT want to block any SE's
bots
because there may be a possibility that could affect their
servers in the USA, and I'm not going to risk that.
Even with red X's on these parasites' webpages showing, you
wouldn't believe how many of these morons STILL hot link!!
I'm
always in a battle with the jerks at MySpace.com and Ebay.
They just flat out REFUSE to tell their members this is
illegal
and against their TOS. I keep telling them all they have to
do
is email the members and simply state "Hot linking is
not
allowed". But noooooooooooooo, they won't do that, and
now
they are eventually going to be sued over it.
I've even told them they are WELCOME TO USE my images, just
SAVE IT to their OWN SERVER or space, and give me a courtesy
link-back! Nope, they'd rather steal it and end up with a
red
X. Bunch of spaz's.
Anyway.......if you enable the HL Protection, note that if
you
have any custom .htaccess redirects (like canonical www
redirect for only ONE example and other custom
"301"
redirects), they will be OVERWRITTEN by the HL Protection!!!
This is yet another cPanel bug! What you have to do, is
just
open your .htaccess file, then enable/edit your HL
Protection,
THEN save the .htaccess file and it will be as it was. This
does NOT affect any redirects you may have added from within
the cPanel interface itself, those are unaffected. Cpanel
can't handle complicated redirects from its interface, so
it's
those types that you have to add manually to your .htaccess
file that will be overwritten, so you have to do this
method.
-Clint
God Bless
Clint Hamilton, Owner
http://OrpheusComputing.c
om
----- Original Message -----
From: "BubblyBabs"
If I understand this right, I had this happen to my site...
Someone was
using the stat program from my website for their website...
I
accidently
found this out by doing a search for my website (I do this
periodically to
catch people who are direct-linking to images on my site,
it's
a huge
problems at times, esp with myspace users) and came across
this
persons
sites stats using my website cpanel program... I inquired
about it with my
webhost and the site stopped using the program but I never
figured out how
they did it, I tried to reproduce it but couldn't... This
was
more than a
year ago though...
Babs
> For those of you that have websites that use cPanel.
> -Clint
>
>
> ----- Original Message -----
>
> TITLE:
> cPanel Multiple Cross-Site Scripting Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA22555
>
> VERIFY ADVISORY:
> http://secunia.c
om/advisories/22555/
<snip>
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|