I-can-fix-it
Posted April 27, 2005

Hi all,

I was browsing through the server log and came across this. Notice things like this behind the directory: ?C=N%3BO=D. While testing on localhost I noticed that the entire image directory is accessible with the links below, and it seems that Yahoo has spiders indexing these files directly.

How can I prevent this folder from being viewed? I have tried the same code on a couple of other osCommerce sites (sorry about that) and, sorry to say, it does it on other servers as well as my own.

Is this a security issue? HOW CAN I PROTECT THE IMAGE FOLDER??

Any ideas? Have a look at what they have access to:

68.142.251.150 - - [26/Apr/2005:23:13:02 +1000] "GET /robots.txt HTTP/1.0" 200 3846
68.142.249.57 - - [26/Apr/2005:23:13:03 +1000] "GET /catalog/images/ HTTP/1.0" 200 84640
68.142.249.84 - - [26/Apr/2005:23:13:19 +1000] "GET /catalog/images/icons/ HTTP/1.0" 200 4424
68.142.250.38 - - [26/Apr/2005:23:13:21 +1000] "GET /catalog/images/mail/ HTTP/1.0" 200 853
68.142.249.75 - - [26/Apr/2005:23:13:25 +1000] "GET /catalog/images/icons/?C=D%3BO=A HTTP/1.0" 200 4424
68.142.249.198 - - [26/Apr/2005:23:13:28 +1000] "GET /catalog/images/default/ HTTP/1.0" 200 1186
68.142.249.96 - - [26/Apr/2005:23:13:24 +1000] "GET /catalog/images/?C=M%3BO=A HTTP/1.0" 200 84640
68.142.250.126 - - [26/Apr/2005:23:13:37 +1000] "GET /catalog/images/dvd/ HTTP/1.0" 200 851
68.142.251.29 - - [26/Apr/2005:23:13:40 +1000] "GET /catalog/images/imagecache/?C=S%3BO=A HTTP/1.0" 200 627
68.142.249.182 - - [26/Apr/2005:23:13:35 +1000] "GET /catalog/images/?C=D%3BO=A HTTP/1.0" 200 84640
68.142.250.126 - - [26/Apr/2005:23:13:42 +1000] "GET /catalog/images/imagecache/?C=M%3BO=A HTTP/1.0" 200 627
68.142.250.184 - - [26/Apr/2005:23:13:42 +1000] "GET /catalog/images/imagecache/?C=N%3BO=D HTTP/1.0" 200 627
68.142.251.198 - - [26/Apr/2005:23:13:42 +1000] "GET /catalog/images/icons/?C=M%3BO=A HTTP/1.0" 200 4424
68.142.250.91 - - [26/Apr/2005:23:13:43 +1000] "GET /catalog/images/default/?C=N%3BO=D HTTP/1.0" 200 1186
68.142.251.146 - - [26/Apr/2005:23:13:43 +1000] "GET /catalog/images/infobox/ HTTP/1.0" 200 1381
68.142.251.76 - - [26/Apr/2005:23:13:46 +1000] "GET /catalog/images/mail/?C=S%3BO=A HTTP/1.0" 200 853
68.142.249.37 - - [26/Apr/2005:23:13:46 +1000] "GET /catalog/images/mail/?C=M%3BO=A HTTP/1.0" 200 853
68.142.249.167 - - [26/Apr/2005:23:13:47 +1000] "GET /catalog/images/mail/?C=N%3BO=D HTTP/1.0" 200 853
68.142.250.99 - - [26/Apr/2005:23:13:48 +1000] "GET /catalog/images/default/?C=D%3BO=A HTTP/1.0" 200 1186
68.142.251.61 - - [26/Apr/2005:23:13:49 +1000] "GET /catalog/images/mail/?C=D%3BO=A HTTP/1.0" 200 853
68.142.251.96 - - [26/Apr/2005:23:13:53 +1000] "GET /catalog/images/icons/?C=S%3BO=A HTTP/1.0" 200 4424
68.142.250.13 - - [26/Apr/2005:23:13:58 +1000] "GET /catalog/images/dvd/?C=S%3BO=A HTTP/1.0" 200 851
68.142.251.161 - - [26/Apr/2005:23:14:03 +1000] "GET /catalog/images/dvd/?C=N%3BO=D HTTP/1.0" 200 851
68.142.250.86 - - [26/Apr/2005:23:14:07 +1000] "GET /catalog/images/dvd/?C=M%3BO=A HTTP/1.0" 200 851
68.142.249.99 - - [26/Apr/2005:23:14:09 +1000] "GET /catalog/images/dvd/?C=D%3BO=A HTTP/1.0" 200 851
68.142.249.94 - - [26/Apr/2005:23:14:24 +1000] "GET /catalog/images/infobox/?C=S%3BO=A HTTP/1.0" 200 1381
68.142.249.41 - - [26/Apr/2005:23:14:29 +1000] "GET /catalog/images/infobox/origional-buttons-frominfo-box-folder/ HTTP/1.0" 200 1317
68.142.251.98 - - [26/Apr/2005:23:14:33 +1000] "GET /catalog/images/infobox/origional-buttons-frominfo-box-folder/?C=M%3BO=A HTTP/1.0" 200 1317
68.142.249.197 - - [26/Apr/2005:23:14:34 +1000] "GET /catalog/images/infobox/origional-buttons-frominfo-box-folder/?C=D%3BO=A HTTP/1.0" 200 1317
68.142.250.172 - - [26/Apr/2005:23:14:48 +1000] "GET /catalog/images/banners/?C=D%3BO=A HTTP/1.0" 200 980
68.142.251.57 - - [26/Apr/2005:23:14:51 +1000] "GET /catalog/images/infobox/origional-buttons-frominfo-box-folder/?C=S%3BO=A HTTP/1.0" 200 1317
68.142.250.181 - - [26/Apr/2005:23:14:53 +1000] "GET /catalog/images/banners/?C=S%3BO=A HTTP/1.0" 200 980
68.142.251.173 - - [26/Apr/2005:23:14:55 +1000] "GET /catalog/images/banners/?C=N%3BO=D HTTP/1.0" 200 980
68.142.251.71 - - [26/Apr/2005:23:14:56 +1000] "GET /catalog/images/infobox/?C=N%3BO=D HTTP/1.0" 200 1381

The net range indicates:

NetRange: 68.142.192.0 - 68.142.255.255
CIDR: 68.142.192.0/18
NetName: INKTOMI-BLK-4
NetHandle: NET-68-142-192-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM

How do I protect the image folder???(!) THANKS

I-can-fix-it (Author)
Posted April 27, 2005

> Turn off directory indexing.

How do I do that??

I-can-fix-it (Author)
Posted April 27, 2005

> Turn off directory indexing.

OK, I didn't have the image file included inside the robots.txt to prevent spiders from indexing this file, but I did have updated spiders.txt installed. But that still makes the file accessible to others regardless? How can I protect it! Thanks

bdneuman
Posted April 27, 2005

> OK, I didn't have the image file included inside the robots.txt to prevent spiders from indexing this file, but I did have updated spiders.txt installed. But that still makes the file accessible to others regardless? How can I protect it! Thanks

Add this to your .htaccess file - it prevents the directory structure from being listed if there is no index.* file:

Options -Indexes

Brian Neuman
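
An added example, not part of the original thread: the `?C=…;O=…` query strings in the log above are the column-sort links that Apache's mod_autoindex places in a generated listing, so a short Python audit of the access log shows which directories were served as listings. The function name and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')
# mod_autoindex sort query: C = N|M|S|D (column), O = A|D (order)
SORT_QUERY = re.compile(r'^C=[NMSD];O=[AD]$')

def listed_directories(lines):
    """Map each directory URL answered with 200 to its hit count, client set,
    and whether an autoindex sort query was seen for it. A sort query is only
    offered as a link inside a generated listing, so it confirms exposure."""
    found = {}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        host, method, target, status, _size = m.groups()
        path, _, query = target.partition("?")
        if method != "GET" or status != "200" or not path.endswith("/"):
            continue
        entry = found.setdefault(path, {"hits": 0, "sorted": False, "clients": set()})
        entry["hits"] += 1
        entry["clients"].add(host)
        if SORT_QUERY.match(unquote(query)):  # %3B decodes to ';'
            entry["sorted"] = True
    return found

# Constructed sample lines in the same format as the log in the question.
SAMPLE = [
    '192.0.2.10 - - [26/Apr/2005:23:13:03 +1000] "GET /catalog/images/ HTTP/1.0" 200 84640',
    '192.0.2.11 - - [26/Apr/2005:23:13:24 +1000] "GET /catalog/images/?C=M%3BO=A HTTP/1.0" 200 84640',
    '192.0.2.12 - - [26/Apr/2005:23:13:37 +1000] "GET /catalog/images/dvd/ HTTP/1.0" 200 851',
    '192.0.2.13 - - [26/Apr/2005:23:13:50 +1000] "GET /catalog/images/logo.gif HTTP/1.0" 200 2048',
    '192.0.2.14 - - [26/Apr/2005:23:14:02 +1000] "GET /catalog/images/banners/ HTTP/1.0" 403 210',
]

if __name__ == "__main__":
    for path, info in sorted(listed_directories(SAMPLE).items()):
        tag = "listing confirmed" if info["sorted"] else "check for an index file"
        print(f"{path}  hits={info['hits']}  clients={len(info['clients'])}  {tag}")
```

Once `Options -Indexes` is in effect, the same directory requests are logged with status 403 when no index file exists, and they drop out of this report.
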
This topic is now archived and is closed to further replies.