Gossamer Forum

Beware of directory browsing..

I don't know why some hosting companies have this enabled. Anyway just posting because lately I've just visited a few (perhaps unfinished) links sites and, when I click on the link to visit, the page appears with all of their directory displayed.

I would really take measures to stop this from happening as it's leaving your files wide open to people.

I noticed many were hypermart sites. So if you're going with hypermart just be aware of this and take steps to protect your directory.

Good Luck!

Glenn
http://cgi-resource.co.uk/pages/links2mods.shtml
Re: Beware of directory browsing..
For those not sure how to protect yourself, just upload a blank index.html into EVERY folder that does not already have one.

Dave

http://www.ahfb2000.com
Re: Beware of directory browsing..
Or put a .htaccess in your root html folder with the following inside it...

IndexIgnore *

Or to be fancier add this also.....

IndexOptions SuppressColumnSorting SuppressDescription SuppressHTMLPreamble SuppressLastModified SuppressSize


Paul Wilson.
http://www.wiredon.net/gt/
http://www.perlmad.com/
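
An added audit script, not written by anyone in the thread, for checking the two fixes suggested above: it walks a web root and reports every directory that has no index file and no inherited `Options -Indexes`. The index file names, the sample tree and the assumption that the host lets .htaccess set `Options` are assumptions of this example.

```python
import os
import re
import tempfile

INDEX_NAMES = ("index.html", "index.htm", "index.shtml")  # assumed DirectoryIndex list
OPTIONS_LINE = re.compile(r"^[ \t]*Options[ \t]+(.*)$", re.I | re.M)

def indexes_setting(htaccess_text):
    """True/False if the file turns auto-indexing on/off, None if it says nothing."""
    state = None
    for match in OPTIONS_LINE.finditer(htaccess_text):
        tokens = [t.lower() for t in match.group(1).split()]
        if "-indexes" in tokens:
            state = False
        elif {"+indexes", "indexes", "all"} & set(tokens):
            state = True
        elif any(t[0] not in "+-" for t in tokens):
            state = False  # absolute option list that omits Indexes
    return state

def listable_dirs(docroot, server_default=True):
    """Relative paths of directories with no index file where listing is still on."""
    docroot = os.path.abspath(docroot)     # normalise a trailing slash
    state, exposed = {}, []                # state: directory -> effective setting
    for path, dirs, files in os.walk(docroot):
        dirs.sort()                        # deterministic, parents before children
        effective = state.get(os.path.dirname(path), server_default)
        if ".htaccess" in files:
            with open(os.path.join(path, ".htaccess"), errors="replace") as fh:
                own = indexes_setting(fh.read())
            if own is not None:
                effective = own
        state[path] = effective
        if effective and not any(name in files for name in INDEX_NAMES):
            exposed.append(os.path.relpath(path, docroot))
    return exposed

def build_sample_site(root):
    """Constructed sample tree; the directory names are made up for the demo."""
    for rel in ("", "cgi-bin/admin", "images", "data/backup"):
        os.makedirs(os.path.join(root, rel), exist_ok=True)
    open(os.path.join(root, "index.html"), "w").close()      # blank index in the root
    with open(os.path.join(root, "data", ".htaccess"), "w") as fh:
        fh.write("Options -Indexes\n")                        # covers data/ and below

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        print("\n".join(listable_dirs(root)))
```

`IndexIgnore *` is deliberately not counted as turning listing off: it empties the generated index, but Apache still serves the listing page, whereas `Options -Indexes` makes the server refuse the request.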
Re: Beware of directory browsing..
Will you try to hack into my site? I think I have it secured. If not tell me where I forgot to put a .htaccess

http://onemind.hypermart.net
Re: Beware of directory browsing..
That's a bit of a strange request seeing as I'm not a hacker ;)

Also simply using .htaccess files will not prevent you from being hacked.

I could just guess your FTP login details and .htaccess wouldn't stop me :)

Search Yahoo for "VoidEye" for ways to check for cgi vulnerabilities.

Anyway what am I meant to be hacking?

Oh by the way I just went to your site and the page showed - 2 seconds later I was prompted for a password and hit cancel and it let me in - you are hacked :)

Paul Wilson.
http://www.wiredon.net/gt/
http://www.perlmad.com/
Re: Beware of directory browsing..
The main page asked you for a password?

Re: Beware of directory browsing..
Umm yes and I hit cancel and it let me in. Try it yourself.

I suggest you go and read up on .htaccess

Paul Wilson.
http://www.wiredon.net/gt/
http://www.perlmad.com/
Re: Beware of directory browsing..
In Reply To:
I suggest you go and read up on .htaccess
I installed .htaccess per hypermart's suggestions. I did place one in the templates directory. Would this cause the main index to ask for password?

Re: Beware of directory browsing..
You don't need one in the templates directory.

You put it in the admin directory.

.htaccess content.....

AuthUserFile /FULL/PATH/TO/LINKS/ADMIN/DIRECTORY/.htpasswd
AuthName Secure
AuthType Basic
<Limit GET>
require valid-user
</Limit>

Then login via telnet/ssh and issue:

shell> cd /PATH/TO/LINKS/ADMIN/DIRECTORY/
shell> htpasswd -c .htpasswd USERNAME

It will then ask you for a password and then to confirm it and your .htpasswd file will be made automatically. Your admin directory should then be protected if you followed my instructions.



Paul Wilson.
http://www.wiredon.net/gt/
http://www.perlmad.com/
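
An added check, not part of the original post, that reads an auth .htaccess such as the one above and flags two things a reviewer would look at: a `require` that sits inside `<Limit>` (so only the listed methods are authenticated) and a password file kept in the directory it protects. The `HARDENED` variant, its placeholder path and the finding codes are assumptions of this example.

```python
import posixpath
import re

# The configuration as posted in the thread (placeholder path kept as-is).
POSTED = """\
AuthUserFile /FULL/PATH/TO/LINKS/ADMIN/DIRECTORY/.htpasswd
AuthName Secure
AuthType Basic
<Limit GET>
require valid-user
</Limit>
"""

# Added variant: no <Limit> wrapper, password file outside the served tree (placeholder path).
HARDENED = """\
AuthUserFile /FULL/PATH/OUTSIDE/DOCROOT/.htpasswd
AuthName Secure
AuthType Basic
Require valid-user
"""

def audit_htaccess(text, directory):
    """Return (code, detail) findings for an auth .htaccess placed in `directory`."""
    findings = []
    limited_to = None                      # methods of the enclosing <Limit>, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]+)>", line, re.I)   # does not match <LimitExcept>
        if opened:
            limited_to = opened.group(1).upper().split()      # GET also covers HEAD
        elif re.match(r"</Limit>", line, re.I):
            limited_to = None
        else:
            name, arg = (line.split(None, 1) + [""])[:2]
            if name.lower() == "require" and limited_to is not None:
                findings.append(("limit-scoped-require",
                                 "auth enforced only for " + ",".join(limited_to)))
            elif name.lower() == "authuserfile":
                folder = posixpath.dirname(arg.strip().strip('"'))
                if folder.rstrip("/") == directory.rstrip("/"):
                    findings.append(("htpasswd-in-protected-dir", arg.strip()))
    return findings

if __name__ == "__main__":
    admin = "/FULL/PATH/TO/LINKS/ADMIN/DIRECTORY"
    for label, cfg in (("posted", POSTED), ("hardened", HARDENED)):
        print(label, audit_htaccess(cfg, admin) or "no findings")
```

Running the same function over every .htaccess under the web root also shows which directories demand a login, which is how a stray file in a templates or banner directory would be spotted.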
Re: Beware of directory browsing..
.htaccess is removed from templates directory. Thank you VERY much I appreciate it completely. :)

Re: Beware of directory browsing..
No problem,

Let me know if you succeed or not.

Paul Wilson.
http://www.wiredon.net/gt/
http://www.perlmad.com/
Re: Beware of directory browsing..
In Reply To:
Let me know if you succeed or not.
Well it never did that to me from my end. So thanks for doing that for me. Now if I can just figure out why after someone enters in id and password, modifies their listing it returns them to modify_first hehe

OneMind Open Directory Service
http://onemind.hypermart.net
Re: Beware of directory browsing..
Your "webadadverts" directory is password protected. Every time someone loads a page with the banner program in it it asks for ID/PASS. Remove the .htaccess file from this directory and it should stop.

Happy Coding,

--Drew
http://www.FindingHim.com
Re: Beware of directory browsing..
In Reply To:
Your "webadadverts" directory is password protected.
Oops... thanks, that's taken care of now. Now I have to figure out why after inputting in password and ID... they mod the info and then it sends them back to modify_first.html. It's baffling me!

OneMind Open Directory Service
http://onemind.hypermart.net
Re: Beware of directory browsing..
Sounds like you have incorrectly installed a mod because the ID isn't asked for by default.

Paul Wilson.
http://www.wiredon.net/gt/
http://www.perlmad.com/
Re: Beware of directory browsing..
In Reply To:
Sounds like you have incorrectly installed a mod because the ID isn't asked for by default.
On modify_first.html it most certainly is... ID and Password.

OneMind Open Directory Service
http://onemind.hypermart.net
Re: Beware of directory browsing..
NOT by default!!!

Try opening a fresh modify.html and I don't think you will see ID and Password ;)

By the way modify_first.html doesn't exist either.

Paul Wilson.
http://www.wiredon.net/gt/
http://www.perlmad.com/