[support] www.mysite.net security hole for mysite.net?
dondi_2006
dondi_2006 at libero.it
Sat Jun 10 16:16:20 UTC 2006
Hello,
please help me, this is serious.
some days ago I started to build a new website with Drupal 4.7.2 on Linux
+ Apache.
I configured everything ( DNS, Apache, Drupal...) to work ONLY when
connecting to http://mysite.net. Or so I believed.
ten minutes ago I decided to continue building my website. Without thinking,
I typed in the browser www.mysite.net and got the drupal page (with default
theme) saying, more or less, "hello, this is the first connection, so this
account will be administrator with password ..... Please configure"
If I click on configure, I go to the administration page and can screw the
website without entering a password!
At the same time, if I type in the browser http://mysite.net I get to the
website I configured (theme, etc...) and I _have_ to log in to change things.
What is this? An error of mine, a Drupal/apache bug, both? How can I
set things so that www.mysite.net goes to mysite.net, without believing
that is a first visit, and that anybody can hack the site?
TIA,
O.
More information about the support
mailing list