Gossamer Forum

Prevent hackers from downloading my DB.

Even though my admin directory is password protected, if one guesses the path of my .db files in the data dir, he can download them easily.

The problem is that my cgi-bin directory is inside the htdocs folder in an IIS4 server.

Has anyone succeeded in securing the data directory outside the web directory while keeping all .cgi and .pl scripts inside? What kind of mod would this require?

In Unix Apache I use ScriptAlias in httpd.conf, but in colorful Winnt?

Thanx in advance, Daniele Gubert.




Re: Prevent hackers from downloading my DB.
Ok dumb question because I honestly don't know.. but surely if you set the db file to CHMOD 700 then it can't be read or executed outside of the server...

That would mean that you can't have any other hosts writing to your db but then why would you want to?

Can someone tell me if this is right?

Oh and yes, I do know that someone with ftp access could get into it but I think we're talking about web access though aren't we.

Just a thought cos I'd love to know if I'm right :)

Cheers

Martin

The impossible we can handle now
Miracles take a little longer
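An audit for the situation in the opening post and the CHMOD 700 reply, added here as an example and not code from the thread or from Links 2.0: it lists every `.db` file that sits under the web root with the URL path a guess would have to hit, and reports whether the Unix "other" read bit is set. The directory layout, file names and the `.db` suffix list are constructed for the demonstration; the mode-bit check applies to Unix hosts only.

```python
import os
import stat
import tempfile
from pathlib import Path

DATA_SUFFIXES = (".db",)  # assumption: flat-file data uses this extension

def is_inside(path, root):
    """True if path resolves to root or somewhere below it (symlinks followed)."""
    path, root = Path(path).resolve(), Path(root).resolve()
    return path == root or root in path.parents

def exposed_data_files(docroot, suffixes=DATA_SUFFIXES):
    """List data files under docroot with the URL path a guess would have to hit."""
    docroot = Path(docroot).resolve()
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            full = Path(dirpath) / name
            try:
                mode = full.stat().st_mode
            except OSError:  # dangling symlink or unreadable entry
                continue
            findings.append({
                "url_path": "/" + full.relative_to(docroot).as_posix(),
                # Unix mode bit only; on NT the equivalent is the file's ACL.
                "world_readable": bool(mode & stat.S_IROTH),
            })
    return sorted(findings, key=lambda f: f["url_path"])

def demo():
    """Constructed tree: one data dir under the web root, one beside it."""
    base = Path(tempfile.mkdtemp())
    docroot = base / "htdocs"
    inside = docroot / "cgi-bin" / "links" / "admin" / "data"
    outside = base / "private" / "links-data"
    for d in (inside, outside):
        d.mkdir(parents=True)
    for path, mode in ((inside / "links.db", 0o644),
                       (inside / "categories.db", 0o700),
                       (outside / "links.db", 0o644)):
        path.write_text("1|Example|http://example.com/\n")  # constructed record
        path.chmod(mode)
    return docroot, inside, outside, exposed_data_files(docroot)

if __name__ == "__main__":
    docroot, inside, outside, findings = demo()
    print(is_inside(inside, docroot), is_inside(outside, docroot), findings)
```
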
Re: Prevent hackers from downloading my DB.
Sounds like a pretty reasonable answer to me. I would have thought that FTP access is protected with a userid and password.

Also, it's a good idea to place an index.html file in each subdirectory because this prevents a directory listing being sent to the browser.

Martin Webster
--
Cebidae's UK Internet Resource
http://www.cebidae.co.uk/
Re: Prevent hackers from downloading my DB.
They can have your database in a matter of minutes anyway.
TeleportPro - download all your site (it's static, after all) - analyze it with a simple parser - import it in a database of their own.
I know people who did this with a web-directory with 10 000 links and it took them less than an hour.

Re: Prevent hackers from downloading my DB.
Hmm, perhaps this is a possible suggestion for a MOD then.. something that looks at the number of page requests and blocks them somehow...

It's likely to be a separate program but I'd have thought something like this would be possible. Although to tell you the truth, with some sites like mine for example they'd have a job getting half the data out using such a method.

But hey, this is about reducing the chances or making it plain hard for people like that anyways...

Martin