Another Update from ISP Techie,
Quote:
You have made 2 general mistakes in designing your sites, and they allow attacks to be able to succeed. These mistakes are common for perl/cgi based sites and are very undesired for proper operation. First one is mixing data and executable files, and the second one is assigning world writable permissions to files. Mixing data and executables is not fatal but prevents keeping permissions secure automatically. Assigning world writable permissions is like leaving the front door of your house open and expect everything is safe.
Our automated security scripts do not allow files with world writable permissions on the server and clean that flag as this makes your site succeptible to attacks similar to the one this weekend. This would prevent the webserver from writing data in your files and to allow it to do that we make the files have the same group as the webserver (nobody). However populating data files that the webserver should be able to write to in the cgi-bin directory makes it impossible to distinguish between data and executable files, and executable files are not allowed to be writable by the web server. So you have error 500 for having the group writable flag on perl files, or you get unable to write data to your data files.
You have to move out all data files out of the cgi-bin directory. Public_html should contain no executables except in the cgi-bin subdirectory. Then permission setup would be easy to maintain and all conditions would be satisfied: security and operability. I will restore back your absolutedirectory site but we will not be responsible if you get hit again for leaving the situation as is, open for attacks and unorganized for automatic prevention of this type of attacks. If you need additional details, instructions or help, we will help you organizing your sites properly to have them both protected and running at the same time.
Please keep using the Help Desk and let us know of your progress, as emails are intended as notifications, and the Help Desk keeps better tracking of problems and their solutions.
And there was me thinking it was their fault for letting undesirables use their hosting services. :-)
How can I fix this problem?
http://www.absolutedirectory.com