Some files and folders are visible

A place for security related announcements and discussions - please check this forum frequently!
Post Reply
maeg
Posts: 525
Joined: Fri Feb 20, 2009 2:27 pm
Location: Agerbæk, Denmark
Contact:

Some files and folders are visible

Post by maeg » Sat Dec 15, 2012 5:31 pm

Hi

I'm wondering. When i browse ex. http://my_site/image or http://my_site/userfiles

All files and folder are visible. I have tryed to change the chmod, but when the folder and files are hidden, they also are hidden on the site.

Am i missing something

cmb
Posts: 12718
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Some files and folders are visible

Post by cmb » Sat Dec 15, 2012 5:54 pm

Hi maeg,

you can't protect the access to the folders images/ or userfiles/; otherwise the images can't be shown on the site. You'll probably want to put an empty file index.htm to these folders. This way an empty page will be shown, when one browses to http://www.example.com/images/.

Christoph
Christoph M. Becker –Plugins for CMSimple_XH, but not for CMSimple 4+

maeg
Posts: 525
Joined: Fri Feb 20, 2009 2:27 pm
Location: Agerbæk, Denmark
Contact:

Re: Some files and folders are visible

Post by maeg » Sat Dec 15, 2012 6:04 pm

Hi

Ahh... i'll try that :D

snafu
Posts: 352
Joined: Sun Dec 26, 2010 5:18 pm

Re: Some files and folders are visible

Post by snafu » Sat Dec 15, 2012 7:50 pm

i think this is a "problem" with the directory listing.

I can enable or disable in my admin account for my webspace or with settings per .htaccess
for security reasons the default setting for "directory listing" is off. i don´t change that ;-}. you see a 403 if you try to open a directory without a index.htm/html/shtml/php.
try : http://web57.ws/testbilder/raynoxdcr250 ... cr-250.jpg ... no problem
try: http://web57.ws/testbilder/raynoxdcr250_test/ .... 403, and in this directory are only pictures, no index.html/php files.

the most hosting provider i know (and mostly of the freehoster in germany/austria and swyzerland i testet the last 5 years) set the default to "Options -Indexes"

okay, a empty index.htm do the same, but if you have a lot of directorys with jpg, pdf, txt and other files ... i think it is easier to use a general setting (admininterface or .htacess)
lg.
winni

Durch einen Sucher betrachtet wird alles zu einem Motiv.
meine Galerie; mein Blog, mein CMSimple Template Tutorial

Post Reply