snowrabbit Posted November 4, 2009 Posted November 4, 2009 Does anybody know how to forbid accessing domain/images folder? Try this store: http://www.homedecorr.com/images/ All images are accessible But in this store: http://www.ponyvillages.com/images/ showed: Forbidden You don't have permission to access /images/ on this server. ------------------------------------------------------------ Apache/2.0.52 (CentOS) Server at www.ponyvillages.com Port 80 I tried to change the file permissions to 766 or 744 in cpanel, it did not work, it made all images invisible in the main page.
germ Posted November 4, 2009 Posted November 4, 2009 Does anybody know how to forbid accessing domain/images folder? Try this store: http://www.homedecorr.com/images/ All images are accessible But in this store: http://www.ponyvillages.com/images/ showed: Forbidden You don't have permission to access /images/ on this server. ------------------------------------------------------------ Apache/2.0.52 (CentOS) Server at www.ponyvillages.com Port 80 I tried to change the file permissions to 766 or 744 in cpanel, it did not work, it made all images invisible in the main page. You can "forbid" it with a .htaccess command (I think). I prefer redirection. In the /images folder make an index.php file and put this content in it: <?php header ("Location: http://www.YOURDOMAIN.com/index.php"); ?> Just change the redirect location to suit your needs. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
snowrabbit Posted November 4, 2009 Author Posted November 4, 2009 Really appreciate! I don't know much about php, could you please input a little detail? what is redirection?
germ Posted November 4, 2009 Posted November 4, 2009 Really appreciate! I don't know much about php, could you please input a little detail? what is redirection? Making the viewers browser go to a different page. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
snowrabbit Posted November 4, 2009 Author Posted November 4, 2009 Thank you! what i got after adding a index.php was: Fatal error: Call to undefined function phpheader() in.............on line 1 How can I get the wording above like: Forbidden You don't have permission to access /images/ on this server.
germ Posted November 4, 2009 Posted November 4, 2009 Thank you! what i got after adding a index.php was: Fatal error: Call to undefined function phpheader() in.............on line 1 How can I get the wording above like: Forbidden You don't have permission to access /images/ on this server. Make sure the code appears just as I posted it. Three lines of code. If you copy/paste from the forum it may have "run together" on one line. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
snowrabbit Posted November 4, 2009 Author Posted November 4, 2009 I understand what the php means now, it will go to my main page when browsing domain/images. isn't? I found a lots of stores come up with the wording "Forbidden.........." don't know how. Anyway, your way also make my images folder un-accessible. That is great! Thank you so much!
DnL Crafts Posted January 5, 2010 Posted January 5, 2010 You can "forbid" it with a .htaccess command (I think). I prefer redirection. In the /images folder make an index.php file and put this content in it: <?php header ("Location: http://www.YOURDOMAIN.com/index.php"); ?> Just change the redirect location to suit your needs. Hi, and thanks for the information. I appreciate all the wonderful information and helpers in these forums. My question is if I make this folder or make and index.html that says they are forbidden or what ever, will this stop the hackers if the chmod is set to 777 so I can upload images from admin? I have my chmod set to 755 on images. I did the instant chat with my ISP and sent a line from another post that said it was something they had to take care of - Well they fixed it so I could upload pictures from admin I was happy until I checked cPanel and they had set the chmod to 777. That was their cure so I am looking again. I was hacked about mid Dec like all the others and I think I have that bit taken care of with the cures and fixes from else where in the forums. Only problem left to resolve (I think) is uploading pictures in admin. Thanks much for your help. Lou Lou BrownFlorida Panhandle USA
♥mdtaylorlrim Posted January 5, 2010 Posted January 5, 2010 You can "forbid" it with a .htaccess command (I think). If you have access to the server config file then properly config your server so browsing folders is not allowed. If you do not have access (hosted solution) then yes, an .htaccess file will do the trick, much better than some of these other solutions. Options -Indexes Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...?
germ Posted January 7, 2010 Posted January 7, 2010 There is code to put in a .htaccess file in this thread you might consider using. It doesn't stop hackers from uploading files into a folder with 777 permissions, but it does stop them from RUNNING the hack code. Hack code that can't be ran is just another harmless text file. I tried it and I do know for a fact it prevents PHP files from running. :thumbsup: If you can't/don't want to switch hosts and go to one where the images folder wouldn't have to be 777 in order to use osC this could be a viable alternative. There is also a contribution called "osC Filebrowser" you could consider installing (I did). With it you would use FTP (or some other means) to upload images, and osC Filebrowser let's you choose them from your /catalog/images in your admin when adding products/categories in lieu of uploading from your PC in the admin. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.