Protecting A Directory From Deliberate Access how do i do it?

[darran 0]

I am a noob when it comes to hosting stuff. I want to protect my files I have hosted, but I am not sure how to go about doing this. I want to host all my J2ME source code in that particular directory but at the same time, I do not want people to simply access the page and then take the file as they please. I have seen this kind of security measure when you type a certain directory folder e.g. http://forums.xisto.com/no_longer_exists/ he would not be able to get a file listing directory but instead, an error message. Can someone guide me on how to achieve this?

[QuickSilva 0]

Right ok, You can either:

1. Have a password popup

To do this:

In cPanel click "Web Protect", then select the folder. At the top it will have a check box and an input. Tick the check box and in the input put what you want it like it to say then click "Save". Next at the bottom, where it says "Add New User" there are two inputs. Put what you want your username to be and in the other the password. Then click "Add New User". To test what you have just done, open up the folder in a web browser and a password popup should come up.

 

2. Forbidden

Right this isn't as good, as I believe people can access your files if they type the full URL to the file in. But just the folder and it will show up "403 Forbidden" error.

To do this:

In cPanel click "Index Manager". Click the directory you wish to protect and then on the next page click "No Indexes". That will protect the directory. Go to it in a web browser to validate that it works.

 

-Tom

[jlhaslip 4]

Your Cpanel has the capability for you to set / define Custom error pages. Check that out. Also, check the security re-driects available by using the .htaccess file.

[BuffaloHelp 24]

You can also use CHMOD value of 700 to prevent even further. By preventing other than yourself to read those files/directory you can be sure that no one can even get a glimps of the file.But if you want to execute these files as part of scripts (like you mentioned) webprotect will not work. htaccess and robots would be the best way so that people and search engines won't even know your files exist in the first place.For each j2me souce file, perhaps you can place a session id where if your single souce file is called, it redirects to another page thereby not revealing the original page. As far as I can tell J2ME is still the client side JAVA thus anyone can download the file and view its source.The only way to really prevent your scripts from being "seen" is to run it server side, i.e. PHP. PHP code cannot be seen at 95% of the time.

[darran 0]

Thanks guys for the suggestions, I have implemented the webprotect, a password to access the folder and also the indexing of files is off, so people cannot download it, but just to make sure. Can you test the folder?

http://forums.xisto.com/no_longer_exists/

[jlhaslip 4]

It asks for a user name and password (which I didn't have) and then displays the 404 error page. Looks secure enough.

[darran 0]

Then it should be secure from the looks of things? They not only need a password to access the directory but also even if they do, they can't view the contents, the only way they can get the files are through FTP access. Is there anyway ANYONE could break through the security I have implemented though?

[QuickSilva 0]

Not that I know of really. If they do gain access to the .htpasswd file (think that is the filename) the password is encrypted anyway, and I think cPanel auto makes this forbidden aswell, so they have no look that way. The only way really is brute forcing the username and password to get in, and even if it was the best protected in the world, and somebody bruteforced the username and password they could get in (within reason). I don't think there is any bruteforce protection scripts out there.

[darran 0]

I remembered the way to stop bruteforce, would be to disable any login attempts if the user fails to type in the right password in 3 attempts. I do not know whether this is implemented in CPanel though or is this a feature we would have to implement ourselves?