Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

How to prevent surfers going directly to files from the address line ??


Elazar

Recommended Posts

Hi,

 

It seems that surfers copy my images and other thing from my site.

 

Could someone help me please, how to prevent surfers going directly to files from the address line and only have access to my files from the store?

 

Any help please??

 

Thanks in advance ! :rolleyes:

 

Elazar

Link to comment
Share on other sites

I do know that you can do a no-right click script with JS...though I'm doubting it works in Firefox. Just do a quick google on "preventing image stealing". If that's the kind of thing you're looking for.

 

What kind of images are they stealing, would watermarking them be a solution?

Link to comment
Share on other sites

I do know that you can do a no-right click script with JS...though I'm doubting it works in Firefox. Just do a quick google on "preventing image stealing". If that's the kind of thing you're looking for.

 

What kind of images are they stealing, would watermarking them be a solution?

 

Hi,

I want to prevent surfers from entering to directories by typing the link in the address line in the explorer and get to my store file like images file, buttons, logos etc. How can I do that?

 

Do I need to change the chmod of the directories or to use php.ini or haccess file ???

 

Any help please? :huh:

 

Regards,

Elazar

Link to comment
Share on other sites

Hi,

I want to prevent surfers from entering to directories by typing the link in the address line in the explorer and get to my store file like images file, buttons, logos etc. How can I do that?

 

Do I need to change the chmod of the directories or to use php.ini or haccess file ???

 

Any help please? :huh:

 

Regards,

Elazar

On my webhost they have a "Hot Link Protection" feature in the cPanel. I use that to prevent others from linking to my site using my bandwidth.

Link to comment
Share on other sites

On my webhost they have a "Hot Link Protection" feature in the cPanel. I use that to prevent others from linking to my site using my bandwidth.

 

Hi,

Thanks for your reply. I understand what you meant. But my problem is other...

 

I want to prevent users from typing the direct URL to my images directory in their explorer address text line and get into my images directory and download my products pictures !

 

Any help please??

 

Regards,

Elazar

Link to comment
Share on other sites

You could most certainly use a .htaccess file to prevent access. However I'm sure a more elegant solution would be to modify the permissions on that directory. I'm just not sure what the best permissions would be to ensure nothing breaks the osCommerce installation.

 

For me, I'd use the .htaccess solution initially then examine permissions further and implement that solution once I'm happy it doesn't break anything else. :)

Link to comment
Share on other sites

You could most certainly use a .htaccess file to prevent access. However I'm sure a more elegant solution would be to modify the permissions on that directory. I'm just not sure what the best permissions would be to ensure nothing breaks the osCommerce installation.

 

For me, I'd use the .htaccess solution initially then examine permissions further and implement that solution once I'm happy it doesn't break anything else. :)

 

Hi Steve !

 

Thanks for your reply! :)

 

I thought that it would be the best solution. I tried to chmoded, but it does't work good.

 

Could you direct me, how should I do it? PHP is not my strong side... :)

 

Thanks in advance Steve !

 

Elazar

Link to comment
Share on other sites

I just added a total wildcard to the in IndexIgnore in apache config

 

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t, *

 

That last * entry. Any directory they find shows nothing.

 

If they want the pictures they can get them by right clicking, (Windows), by dragging them off the browser window, (Mac), by looking at the page source and grabbing them by URL then. Whatever.

 

But I didn't make it 'easy'.

Link to comment
Share on other sites

I just added a total wildcard to the in IndexIgnore in apache config

 

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t, *

 

That last * entry. Any directory they find shows nothing.

 

If they want the pictures they can get them by right clicking, (Windows), by dragging them off the browser window, (Mac), by looking at the page source and grabbing them by URL then. Whatever.

 

But I didn't make it 'easy'.

 

Thanks Pal !!

 

I am going to try it. I installed IMAGE MAGIC contribution, and now with your trick it will be much more harder ! :)

 

Tell me please? Is there an image software, specially for that, that could enter your text or Logo to the images, then you save them. Then you can sleep better... :) ?? I am sure there is something..

 

Regards,

Elazar

Link to comment
Share on other sites

Could you direct me, how should I do it? PHP is not my strong side... :)

Not sure if you still need it, but I'm gonna post it here for posterity. :P

  • 1. Open up a notepad on your desktop or any other text editor that doesn't include hidden control characters.
    2. Copy the following into the new file:
AuthUserFile ".htpasswd"
AuthName "Secure Area"
AuthType Basic
require valid-user


3. Save as a text file (eg. "htaccess.txt") and upload to the folder you want to protect (eg. /images).
4. Once uploaded, rename the file to ".htaccess". Note: the file will become hidden from view after renaming.
 
Now create the password file:
1. Go to http://www.htaccesstools.com/htpasswd-generator/ and type in a username and password. And submit.
2. Grab the generated script and paste it directly into a new text file.
3. Save the file as a text file (eg. "htpasswd.txt") and upload to the same folder as per the .htaccess file.
4. Once uploaded, rename the file to ".htpasswd".

And that's all there is too it. Be sure to add more users to your .htpasswd file as necessary. Test it out and see how it goes.

 

Note this is the basic setup. You can do more if you want but this should give you the protection you require on those folders.

 

Good luck. :)

Link to comment
Share on other sites

Note this is the basic setup. You can do more if you want but this should give you the protection you require on those folders.

 

Good luck. :)

 

Thank you very much Steve !!! :)

 

I appreciate your help. Thanks.

 

1. Must I use my store admin. user name & password ??

2. Could I use a copy of my ".htaccess". & ".htpasswd". , that I already have in my admin folder ?

or I need to follow your instruction anyway ??

 

Please forgive me for my PHP expertise.. :P

 

Regards,

Elazar

Link to comment
Share on other sites

Please forgive me for my PHP expertise.. :P

None of this is PHP-related. ;) :)

 

1. Must I use my store admin. user name & password ??

No. You can use whatever username/password you want as long as you specify it in the .htpasswd file.

 

2. Could I use a copy of my ".htaccess". & ".htpasswd". , that I already have in my admin folder ?

or I need to follow your instruction anyway ??

Yep, should be no reason why you can't. And in fact, this is probably the best approach since it'll let you use the same username/password for all folders you are protecting. Much easier to remember one set of username/passwords. :)

Link to comment
Share on other sites

None of this is PHP-related. ;) :)

No. You can use whatever username/password you want as long as you specify it in the .htpasswd file.

Yep, should be no reason why you can't. And in fact, this is probably the best approach since it'll let you use the same username/password for all folders you are protecting. Much easier to remember one set of username/passwords. :)

 

 

Thank you very very much Steve for helping me! You are great ! :thumbsup:

 

I put you in my buddy list, If you don't mind of course... :)

 

Have a great day !

 

Elazar

Link to comment
Share on other sites

2. Could I use a copy of my ".htaccess". & ".htpasswd". , that I already have in my admin folder ?

or I need to follow your instruction anyway ??

 

As long as you change the dir info in the .htaccess file to point to the new location or you will have problems logging in!

Link to comment
Share on other sites

As long as you change the dir info in the .htaccess file to point to the new location or you will have problems logging in!

 

Hi nowares.

 

Thanks for reply..

 

I copied my ".htaccess". & ".htpasswd". , that I already have in my admin folder,

 

BUT, when I tried to see my website and I get admin. Login Box :(

 

What I need to do to fix it.. please help.. :)

Link to comment
Share on other sites

Hi nowares.

 

Thanks for reply..

 

I copied my ".htaccess". & ".htpasswd". , that I already have in my admin folder,

 

BUT, when I tried to see my website and I get admin. Login Box :(

 

What I need to do to fix it.. please help.. :)

 

 

I changed the dir to point my images directory.. and still have login box when I go to my store. :(

 

Any help please??

 

Elazar

Link to comment
Share on other sites

Hi again Elazar,

 

I wonder if a better solution might be here. Go check it out and see what you think. I haven't tested it myself yet but maybe this is what you're looking for.

 

I think the problem with the .htaccess file in the images directory is that everytime your website tries to grab an image it wants authentication. I could be wrong though.

 

Nevertheless, check out the link and let us know if that works better. :)

Link to comment
Share on other sites

Hello,

 

I believe you can add a password to the page before entering into the admin area

 

I hope that is what you mean.

 

If anyone out there knows what I am talking about.......That leads to my Question..

 

HOW DO YOU CHANGE THE PASSWORD THAT PROTECTS YOUR ADMIN SECTION?

 

 

WWW.DOMAINNAME.SHOP/ADMIN

 

Then admin, password section should pop up and you enter your password before going into that part?

 

If anyone out there can help me with that, that would be greatly appreciated..!!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...