
osCommerce

The e-commerce.

Security Alert ????? How do I protect


I-can-fix-it


Posted

Hi all, I was browsing through the server log and came across this.

Notice things like this behind the directory: ?C=N%3BO=D

and while testing on localhost I noticed that the entire image directory is accessible with the below links, and it seems that Yahoo has spiders indexing these files directly. How can I prevent this folder from being viewed?

I have tried the same code on a couple of other osCommerce sites (sorry about that) and, sorry to say, it does it on other servers as well as my own.

Is this a security issue?

HOW CAN I PROTECT THE IMAGE FOLDER?? :devil:

Any ideas? Have a look at what they have access to ???????

68.142.251.150 - - [26/Apr/2005:23:13:02 +1000] "GET /robots.txt HTTP/1.0" 200 3846
68.142.249.57 - - [26/Apr/2005:23:13:03 +1000] "GET /catalog/images/ HTTP/1.0" 200 84640
68.142.249.84 - - [26/Apr/2005:23:13:19 +1000] "GET /catalog/images/icons/ HTTP/1.0" 200 4424
68.142.250.38 - - [26/Apr/2005:23:13:21 +1000] "GET /catalog/images/mail/ HTTP/1.0" 200 853
68.142.249.75 - - [26/Apr/2005:23:13:25 +1000] "GET /catalog/images/icons/?C=D%3BO=A HTTP/1.0" 200 4424
68.142.249.198 - - [26/Apr/2005:23:13:28 +1000] "GET /catalog/images/default/ HTTP/1.0" 200 1186
68.142.249.96 - - [26/Apr/2005:23:13:24 +1000] "GET /catalog/images/?C=M%3BO=A HTTP/1.0" 200 84640
68.142.250.126 - - [26/Apr/2005:23:13:37 +1000] "GET /catalog/images/dvd/ HTTP/1.0" 200 851
68.142.251.29 - - [26/Apr/2005:23:13:40 +1000] "GET /catalog/images/imagecache/?C=S%3BO=A HTTP/1.0" 200 627
68.142.249.182 - - [26/Apr/2005:23:13:35 +1000] "GET /catalog/images/?C=D%3BO=A HTTP/1.0" 200 84640
68.142.250.126 - - [26/Apr/2005:23:13:42 +1000] "GET /catalog/images/imagecache/?C=M%3BO=A HTTP/1.0" 200 627
68.142.250.184 - - [26/Apr/2005:23:13:42 +1000] "GET /catalog/images/imagecache/?C=N%3BO=D HTTP/1.0" 200 627
68.142.251.198 - - [26/Apr/2005:23:13:42 +1000] "GET /catalog/images/icons/?C=M%3BO=A HTTP/1.0" 200 4424
68.142.250.91 - - [26/Apr/2005:23:13:43 +1000] "GET /catalog/images/default/?C=N%3BO=D HTTP/1.0" 200 1186
68.142.251.146 - - [26/Apr/2005:23:13:43 +1000] "GET /catalog/images/infobox/ HTTP/1.0" 200 1381
68.142.251.76 - - [26/Apr/2005:23:13:46 +1000] "GET /catalog/images/mail/?C=S%3BO=A HTTP/1.0" 200 853
68.142.249.37 - - [26/Apr/2005:23:13:46 +1000] "GET /catalog/images/mail/?C=M%3BO=A HTTP/1.0" 200 853
68.142.249.167 - - [26/Apr/2005:23:13:47 +1000] "GET /catalog/images/mail/?C=N%3BO=D HTTP/1.0" 200 853
68.142.250.99 - - [26/Apr/2005:23:13:48 +1000] "GET /catalog/images/default/?C=D%3BO=A HTTP/1.0" 200 1186
68.142.251.61 - - [26/Apr/2005:23:13:49 +1000] "GET /catalog/images/mail/?C=D%3BO=A HTTP/1.0" 200 853
68.142.251.96 - - [26/Apr/2005:23:13:53 +1000] "GET /catalog/images/icons/?C=S%3BO=A HTTP/1.0" 200 4424
68.142.250.13 - - [26/Apr/2005:23:13:58 +1000] "GET /catalog/images/dvd/?C=S%3BO=A HTTP/1.0" 200 851
68.142.251.161 - - [26/Apr/2005:23:14:03 +1000] "GET /catalog/images/dvd/?C=N%3BO=D HTTP/1.0" 200 851
68.142.250.86 - - [26/Apr/2005:23:14:07 +1000] "GET /catalog/images/dvd/?C=M%3BO=A HTTP/1.0" 200 851
68.142.249.99 - - [26/Apr/2005:23:14:09 +1000] "GET /catalog/images/dvd/?C=D%3BO=A HTTP/1.0" 200 851
68.142.249.94 - - [26/Apr/2005:23:14:24 +1000] "GET /catalog/images/infobox/?C=S%3BO=A HTTP/1.0" 200 1381
68.142.249.41 - - [26/Apr/2005:23:14:29 +1000] "GET /catalog/images/infobox/origional-buttons-frominfo-box-folder/ HTTP/1.0" 200 1317
68.142.251.98 - - [26/Apr/2005:23:14:33 +1000] "GET /catalog/images/infobox/origional-buttons-frominfo-box-folder/?C=M%3BO=A HTTP/1.0" 200 1317
68.142.249.197 - - [26/Apr/2005:23:14:34 +1000] "GET /catalog/images/infobox/origional-buttons-frominfo-box-folder/?C=D%3BO=A HTTP/1.0" 200 1317
68.142.250.172 - - [26/Apr/2005:23:14:48 +1000] "GET /catalog/images/banners/?C=D%3BO=A HTTP/1.0" 200 980
68.142.251.57 - - [26/Apr/2005:23:14:51 +1000] "GET /catalog/images/infobox/origional-buttons-frominfo-box-folder/?C=S%3BO=A HTTP/1.0" 200 1317
68.142.250.181 - - [26/Apr/2005:23:14:53 +1000] "GET /catalog/images/banners/?C=S%3BO=A HTTP/1.0" 200 980
68.142.251.173 - - [26/Apr/2005:23:14:55 +1000] "GET /catalog/images/banners/?C=N%3BO=D HTTP/1.0" 200 980
68.142.251.71 - - [26/Apr/2005:23:14:56 +1000] "GET /catalog/images/infobox/?C=N%3BO=D HTTP/1.0" 200 1381

The net range indicates:

NetRange: 68.142.192.0 - 68.142.255.255
CIDR: 68.142.192.0/18
NetName: INKTOMI-BLK-4
NetHandle: NET-68-142-192-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM

How do I protect the image folder???(!)

 

THANKS

Posted
Turn off directory indexing.

Ok, I didn't have the image file included inside the robots.txt to prevent spiders from indexing this file, but I did have the updated spiders.txt installed.

But that still makes the file accessible to others regardless?

How can I protect it!

Thanks

Posted
Ok, I didn't have the image file included inside the robots.txt to prevent spiders from indexing this file, but I did have the updated spiders.txt installed.

But that still makes the file accessible to others regardless?

How can I protect it!

Thanks

 

Add this to your .htaccess file - it prevents the directory structure from being listed if there is no index.* file:

Options -Indexes

Brian Neuman
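Added example, not code from the thread or from osCommerce: a small Python check over an Apache access log that finds the directory-listing requests the Options -Indexes fix above is meant to stop. The ?C=N%3BO=D style query strings in the log are Apache mod_autoindex's sort parameters (C = column, O = order), so a 200 on such a request means a listing was served; once listings are off the same requests should log 403. The log lines inside are constructed from the ones quoted earlier in the thread, with one 403 and one ordinary image fetch added.

```python
import re
from urllib.parse import unquote, urlparse

# Constructed sample, modelled on the log lines quoted in the thread, plus a
# 403 as Options -Indexes would produce and a plain image fetch not to flag.
SAMPLE_LOG = """\
68.142.251.150 - - [26/Apr/2005:23:13:02 +1000] "GET /robots.txt HTTP/1.0" 200 3846
68.142.249.57 - - [26/Apr/2005:23:13:03 +1000] "GET /catalog/images/ HTTP/1.0" 200 84640
68.142.249.75 - - [26/Apr/2005:23:13:25 +1000] "GET /catalog/images/icons/?C=D%3BO=A HTTP/1.0" 200 4424
68.142.250.184 - - [26/Apr/2005:23:13:42 +1000] "GET /catalog/images/imagecache/?C=N%3BO=D HTTP/1.0" 200 627
10.0.0.5 - - [27/Apr/2005:09:00:00 +1000] "GET /catalog/images/ HTTP/1.0" 403 290
10.0.0.5 - - [27/Apr/2005:09:00:01 +1000] "GET /catalog/images/dvd/cover.jpg HTTP/1.0" 200 18000
"""

# Common Log Format: ip ident user [time] "method target protocol" status size
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+')

def classify_target(target):
    """'listing' if the URL carries mod_autoindex sort parameters (C=N|M|S|D
    with O=A|D, ';' encoded as %3B), 'directory' for a bare trailing-slash
    request, None for anything else (files, robots.txt)."""
    url = urlparse(target)
    if not url.path.endswith("/"):
        return None
    if not url.query:
        return "directory"
    params = dict(p.split("=", 1) for p in unquote(url.query).split(";") if "=" in p)
    if params.get("C") in {"N", "M", "S", "D"} and params.get("O") in {"A", "D"}:
        return "listing"
    return "directory"

def audit_log(log_text):
    """Per directory, count listing-style requests served (200) or refused (403).
    Any 'listing' count above zero means mod_autoindex served an index there."""
    report = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        kind = classify_target(m["target"])
        if kind is None:
            continue
        path = urlparse(m["target"]).path
        entry = report.setdefault(path, {"listing": 0, "directory": 0, "blocked": 0})
        if m["status"] == "403":
            entry["blocked"] += 1
        elif m["status"] == "200":
            entry[kind] += 1
    return report
```

A bare directory request with 200 may also be a real index file, so the "listing" column is the definitive signal. Note that Options -Indexes in .htaccess only takes effect if the server's AllowOverride for that directory includes Options (or All).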

Archived

This topic is now archived and is closed to further replies.
