11-10-2001, 04:57 AM   #1
cloud9
here's a simple one.....

... leaving out an index.html or index.php on your website. If there is no index file then the server may show a directory listing, containing files you don't want people to see... I've done this and lo and behold someone gained the admin password to my ads stuff.

11-10-2001, 09:17 AM   #2
Insyder
That's why you should set the permissions to not allow anyone to view the directory index even if you don't have an index.* file.
__________________
Darin Stockman
admin@modpages.com
http://www.modpages.com :: http://www.modpages.net :: http://www.modpages.org
http://www.forhisglory.com :: http://www.dzonextreme.com
11-10-2001, 10:42 AM   #3
cloud9
Quote:
Originally posted by Insyder16
That's why you should set the permissions to not allow anyone to view the directory index even if you don't have an index.* file.

Anyone know the .htaccess line I need to do this?
11-10-2001, 11:26 AM   #4
Jason
It's not done in .htaccess, it's done in FTP or telnet. The directory shouldn't be public readable.
__________________
Don't just TELL them go Google it, SHOW them how!
Want promotion for your site? Learn how to post on forums without becoming a spammy toolbag!
Trouble talking to your developer? Check out the English-Web Developer Dictionary!
11-10-2001, 12:48 PM   #5
Dr. Web
It can also be a webserver setting. If you have access to that, make sure that directory browsing is disabled.
__________________
If you know the enemy and know yourself, you need not fear the result of a hundred battles.
If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself, you will succumb in every battle.

-Sun Tzu
11-10-2001, 12:52 PM   #6
cloud9
Quote:
Originally posted by Dr. Web
It can also be a webserver setting. If you have access to that, make sure that directory browsing is disabled.
I'll tell host-today to disable it on my RAQ... thanks
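
An added example, not part of any post in this thread: a Python audit that combines the three conditions raised above and reports directories with no index.* file, that are world-readable, and that have no Apache `Options -Indexes` in a .htaccess at or above them. The function names and the sample layout are constructed for illustration; it assumes a POSIX filesystem and does not read the main server configuration.

```python
import os
import re
import stat
import tempfile

INDEX_RE = re.compile(r"^index\.\w+$")  # the thread's "index.* file" heuristic
# Apache switch for automatic listings; .htaccess may set it only if AllowOverride permits Options
NO_INDEXES_RE = re.compile(r"^\s*Options\b.*(?<!\S)-Indexes\b", re.I | re.M)


def htaccess_disables_listing(directory):
    """True if this directory's .htaccess carries 'Options ... -Indexes'."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            return bool(NO_INDEXES_RE.search(fh.read()))
    except OSError:
        return False


def audit_docroot(docroot):
    """Return sorted relative paths of directories a server could auto-list."""
    docroot = os.path.abspath(docroot)
    exposed, protected = [], set()
    for current, _dirs, files in os.walk(docroot):  # top-down: parents come first
        # Simplification: -Indexes is inherited; a child re-enabling it is not modelled.
        if htaccess_disables_listing(current) or os.path.dirname(current) in protected:
            protected.add(current)
            continue
        has_index = any(INDEX_RE.match(name) for name in files)
        world_readable = bool(os.stat(current).st_mode & stat.S_IROTH)
        if world_readable and not has_index:
            exposed.append(os.path.relpath(current, docroot))
    return sorted(exposed)


def demo():
    """Audit a constructed docroot (illustrative layout, not taken from the thread)."""
    dirs = {".": 0o755, "ads": 0o755, "ads/admin": 0o755, "backup": 0o755,
            "images/thumbs": 0o755, "images": 0o755, "locked": 0o750}
    files = {"index.html": "", "ads/admin/index.php": "", "ads/admin.cfg": "",
             "images/.htaccess": "Options -Indexes\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in dirs.items():
            os.makedirs(os.path.join(root, rel), exist_ok=True)
            os.chmod(os.path.join(root, rel), mode)
        for rel, text in files.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        return audit_docroot(root)
```

Run `audit_docroot()` against your own document root; each path it returns needs an index file, tighter permissions, or listings switched off in the server configuration.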

All times are GMT -5.