Forbid to access domain/images folder?


9 replies to this topic

#1 snowrabbit

  • Community Member
  • 89 posts
  • Real Name:snowrabbit

Posted 04 November 2009, 02:46

Does anybody know how to forbid accessing domain/images folder?

Try this store:
http://www.homedecorr.com/images/

All images are accessible


But in this store:
http://www.ponyvillages.com/images/

showed: Forbidden
You don't have permission to access /images/ on this server.
------------------------------------------------------------
Apache/2.0.52 (CentOS) Server at www.ponyvillages.com Port 80


I tried to change the file permissions to 766 or 744 in cPanel; it did not work, it made all images invisible on the main page.

#2 germ

  • Community Member
  • 13,471 posts
  • Real Name:Jim
  • Gender:Male
  • Location:USA (GMT-6)

Posted 04 November 2009, 02:52

snowrabbit, on 04 November 2009, 02:46, said:

Does anybody know how to forbid accessing domain/images folder?

Try this store:
http://www.homedecorr.com/images/

All images are accessible


But in this store:
http://www.ponyvillages.com/images/

showed: Forbidden
You don't have permission to access /images/ on this server.
------------------------------------------------------------
Apache/2.0.52 (CentOS) Server at www.ponyvillages.com Port 80


I tried to change the file permissions to 766 or 744 in cPanel; it did not work, it made all images invisible on the main page.

You can "forbid" it with a .htaccess command (I think).

I prefer redirection.

In the /images folder make an index.php file and put this content in it:

<?php
header ("Location: http://www.YOURDOMAIN.com/index.php");
?>
Just change the redirect location to suit your needs.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Headers already sent" - The definitive help

"Cannot redeclare ..." - How to find/fix it

SSL Implementation Help

#3 snowrabbit

  • Community Member
  • 89 posts
  • Real Name:snowrabbit

Posted 04 November 2009, 03:29

Really appreciate!

I don't know much about PHP, could you please input a little detail? What is redirection?

#4 germ

  • Community Member
  • 13,471 posts
  • Real Name:Jim
  • Gender:Male
  • Location:USA (GMT-6)

Posted 04 November 2009, 03:31

snowrabbit, on 04 November 2009, 03:29, said:

Really appreciate!

I don't know much about PHP, could you please input a little detail? What is redirection?

Making the viewer's browser go to a different page.

#5 snowrabbit

  • Community Member
  • 89 posts
  • Real Name:snowrabbit

Posted 04 November 2009, 03:37

Thank you!

What I got after adding an index.php was:

Fatal error: Call to undefined function phpheader() in.............on line 1


How can I get the wording above like:

Forbidden
You don't have permission to access /images/ on this server.

#6 germ

  • Community Member
  • 13,471 posts
  • Real Name:Jim
  • Gender:Male
  • Location:USA (GMT-6)

Posted 04 November 2009, 03:40

snowrabbit, on 04 November 2009, 03:37, said:

Thank you!

What I got after adding an index.php was:

Fatal error: Call to undefined function phpheader() in.............on line 1


How can I get the wording above like:

Forbidden
You don't have permission to access /images/ on this server.

Make sure the code appears just as I posted it.

Three lines of code.

If you copy/paste from the forum it may have "run together" on one line.

#7 snowrabbit

  • Community Member
  • 89 posts
  • Real Name:snowrabbit

Posted 04 November 2009, 03:56

I understand what the PHP means now, it will go to my main page when browsing domain/images. Isn't it?

I found lots of stores that come up with the wording "Forbidden..........", I don't know how.

Anyway, your way also makes my images folder inaccessible. That is great!

Thank you so much!

#8 crasales

  • Community Member
  • 11 posts
  • Real Name:Lou Brown
  • Gender:Female
  • Location:Florida Panhandle

Posted 05 January 2010, 19:39

germ, on 04 November 2009, 02:52, said:

You can "forbid" it with a .htaccess command (I think).

I prefer redirection.

In the /images folder make an index.php file and put this content in it:

<?php
header ("Location: http://www.YOURDOMAIN.com/index.php");
?>
Just change the redirect location to suit your needs.

Hi, and thanks for the information. I appreciate all the wonderful information and helpers in these forums. My question is: if I make this folder or make an index.html that says they are forbidden or whatever, will this stop the hackers if the chmod is set to 777 so I can upload images from admin?

I have my chmod set to 755 on images. I did the instant chat with my ISP and sent a line from another post that said it was something they had to take care of. Well, they fixed it so I could upload pictures from admin. I was happy until I checked cPanel and they had set the chmod to 777. That was their cure, so I am looking again. I was hacked about mid Dec like all the others and I think I have that bit taken care of with the cures and fixes from elsewhere in the forums. Only problem left to resolve (I think) is uploading pictures in admin.

Thanks much for your help.

Lou

Edited by crasales, 05 January 2010, 19:47.

Lou Brown
cra-sales.com

#9 mdtaylorlrim

  • Community Member
  • 2,497 posts
  • Real Name:Mark
  • Gender:Male

Posted 05 January 2010, 23:52

germ, on 04 November 2009, 02:52, said:

You can "forbid" it with a .htaccess command (I think).

If you have access to the server config file then properly configure your server so browsing folders is not allowed. If you do not have access (hosted solution) then yes, an .htaccess file will do the trick, much better than some of these other solutions.

Options -Indexes

Avoid the most asked question. See How to Secure My Site and How do I...?

#10 germ

  • Community Member
  • 13,471 posts
  • Real Name:Jim
  • Gender:Male
  • Location:USA (GMT-6)

Posted 07 January 2010, 00:26

There is code to put in a .htaccess file in this thread you might consider using.

It doesn't stop hackers from uploading files into a folder with 777 permissions, but it does stop them from RUNNING the hack code.

Hack code that can't be run is just another harmless text file.

I tried it and I do know for a fact it prevents PHP files from running.
:thumbsup:

If you can't/don't want to switch hosts and go to one where the images folder wouldn't have to be 777 in order to use osC this could be a viable alternative.

There is also a contribution called "osC Filebrowser" you could consider installing (I did).

With it you would use FTP (or some other means) to upload images, and osC Filebrowser lets you choose them from your /catalog/images in your admin when adding products/categories in lieu of uploading from your PC in the admin.
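
The checks discussed in posts #8 to #10 (directory listing via Options -Indexes, a 777 images folder, uploaded PHP that must not run), as an added shell example that is not from the thread or from osCommerce. The FilesMatch rule is an assumed stand-in for the .htaccess code germ refers to, which is not on this page; the script name and paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): check and harden an upload folder.

# Files the web server might execute, including double extensions such as
# name.php.jpg. An images folder should contain none.
find_script_files() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.pl' -o -iname '*.cgi' \
        -o -iname '*.php.*' \) -print
}

# Anything writable by every account on the host (the last 7 in 777).
find_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Succeeds when DIR/.htaccess switches directory listings off.
listing_disabled() {
    [ -f "$1/.htaccess" ] &&
        grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$1/.htaccess"
}

# Write an .htaccess that disables listings and refuses requests for script
# files. Assumptions: Apache 2.4 syntax (on 2.2 and older use
# "Order allow,deny" + "Deny from all" instead of "Require all denied"), and
# AllowOverride permits Options and AuthConfig; otherwise Apache returns 500.
harden() {
    cat > "$1/.htaccess" <<'EOF'
Options -Indexes
<FilesMatch "\.(php[0-9]?|phtml|pl|cgi)(\.|$)">
    Require all denied
</FilesMatch>
EOF
}

# One-line summary: counts of findings and whether listings are still on.
audit() {
    scripts=$(find_script_files "$1" | wc -l)
    writable=$(find_world_writable "$1" | wc -l)
    if listing_disabled "$1"; then listing=off; else listing=on; fi
    echo "scripts=$((scripts)) world_writable=$((writable)) listing=$listing"
}

# Usage: sh audit_images.sh /path/to/catalog/images
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

A non-zero scripts count in an images folder means files to inspect by hand; the .htaccess only stops them being served, it does not remove them or stop new uploads into a world-writable folder.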