Jump to content


Photo

How do you prevent a site from being exposed?


  • Please log in to reply
10 replies to this topic

#1 hugh90

hugh90
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 11 August 2006 - 02:59 PM

My site is in .php

How do you stop from raw files showing? The files of my site show up if I (for example) go to www.site.com/folder/folder. How do I prevent this situation so the raw files doesn't show up?

Most sites when you go to www.site.com/folder/folder you end up on a normal webpage, but mine shows the raw files. :(

Some sites stop this from happening to their site and protect it, can you please tell me how to stop it too?

I'm a newbie. :|

Thanks :)

#2 mainewoods

mainewoods
  • Members
  • PipPipPip
  • Advanced Member
  • 685 posts
  • LocationMaine

Posted 11 August 2006 - 03:49 PM

just add a file called index.htm to that directory and then it will just show that file and that file can have a meta-refresh in it to go elsewhere.

#3 hugh90

hugh90
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 11 August 2006 - 03:53 PM

just add a file called index.htm to that directory and then it will just show that file and that file can have a meta-refresh in it to go elsewhere.


So that means adding an index.htm manually in every folder/directory? Isn't there a way that can stop this at once? A quick fix code or the way to url my php’s so that it is permanently stable without manually adding an index.htm with every folder.

Thank you


#4 mainewoods

mainewoods
  • Members
  • PipPipPip
  • Advanced Member
  • 685 posts
  • LocationMaine

Posted 11 August 2006 - 04:02 PM

you may be able to add a .htaccess file to your top directory that would solve the problem, I'm not sure of the syntax though.

#5 mainewoods

mainewoods
  • Members
  • PipPipPip
  • Advanced Member
  • 685 posts
  • LocationMaine

Posted 11 August 2006 - 04:06 PM

http://www.javascrip...taccess11.shtml

#6 hugh90

hugh90
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 11 August 2006 - 04:18 PM

Hi thanks i've added it, and it works but it just shows the same Directory Listing but without my raw files (which is a good thing)  But it looks very unprofessional, so how can I completely stop the Directory Listing page from showing, hopfully with an error page or a redirect back to the main page.

Can this be achieved through .htaccess?



#7 mainewoods

mainewoods
  • Members
  • PipPipPip
  • Advanced Member
  • 685 posts
  • LocationMaine

Posted 11 August 2006 - 04:37 PM

potentially through the mod_rewrite feature of .htaccess which is a complicated subject and I can't help you with that.

#8 simcoweb

simcoweb
  • Members
  • PipPipPip
  • Advanced Member
  • 1,102 posts
  • LocationCA

Posted 11 August 2006 - 05:20 PM

Truthfully the best way is to put an index.htm file in each one ( or index.shtml, index.php, index.html.. it just needs to be an index file) since doing via .htaccess just puts more strain on the server everytime someone attempts to hit one of your folders.

Or you can pick up a little utility that not only prevents them from viewing your unprotected folders but logs their IP, redirects them to the page of your choice, and allows you to ban IP's if needed. Check out:

http://www.templated...oop-catcher.htm

#9 corbin

corbin
  • Staff Alumni
  • Advanced Member
  • 8,129 posts

Posted 11 August 2006 - 05:27 PM

I would make directory listings unavailable where it would generate uhhh 403 (?) errors... then you could just use an appropriate error document... Possibly having it redirct the user to /index
Why doesn't anyone ever say hi, hey, or whad up world?

#10 hugh90

hugh90
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 11 August 2006 - 07:48 PM

I would make directory listings unavailable where it would generate uhhh 403 (?) errors... then you could just use an appropriate error document... Possibly having it redirct the user to /index


Yeah but how would I do this? I don't know, can you please explain how to do this?

#11 simcoweb

simcoweb
  • Members
  • PipPipPip
  • Advanced Member
  • 1,102 posts
  • LocationCA

Posted 11 August 2006 - 08:05 PM

It's not that hard.

1. create a custom error page ( I make mine look like the rest of the site with menus and everything. Like this: http://www.templated...o-page-here.htm )

2. edit your .htaccess file with this:

ErrorDocument 403 http://www.yoursite.com/403.htm
ErrorDocument 404 http://www.yoursite.com/404.htm
ErrorDocument 500 http://www.yoursite.com/500.htm

Those are the most common errors.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users