xisto Community
darran

Protecting A Directory From Deliberate Access: how do I do it?


I am a noob when it comes to hosting stuff. I want to protect the files I have hosted, but I am not sure how to go about doing this. I want to host all my J2ME source code in that particular directory, but at the same time I do not want people to simply access the page and then take the files as they please. I have seen this kind of security measure: when you type a certain directory folder, e.g. http://forums.xisto.com/no_longer_exists/, you would not be able to get a directory file listing but instead an error message. Can someone guide me on how to achieve this?

Right ok, you can either:

1. Have a password popup

To do this:

In cPanel click "Web Protect", then select the folder. At the top it will have a check box and an input. Tick the check box and in the input put what you want it to say, then click "Save". Next, at the bottom, where it says "Add New User", there are two inputs. Put what you want your username to be in one and the password in the other. Then click "Add New User". To test what you have just done, open up the folder in a web browser and a password popup should come up.

 

2. Forbidden

Right, this isn't as good, as I believe people can access your files if they type in the full URL to the file. But with just the folder, it will show up a "403 Forbidden" error.

To do this:

In cPanel click "Index Manager". Click the directory you wish to protect and then on the next page click "No Indexes". That will protect the directory. Go to it in a web browser to validate that it works.

 

-Tom

Your cPanel has the capability for you to set / define custom error pages. Check that out. Also, check the security redirects available by using the .htaccess file.

You can also use a CHMOD value of 700 to prevent access even further. By preventing anyone other than yourself from reading those files/directory you can be sure that no one can even get a glimpse of the file. But if you want to execute these files as part of scripts (like you mentioned) webprotect will not work. htaccess and robots would be the best way so that people and search engines won't even know your files exist in the first place. For each J2ME source file, perhaps you can place a session id where if your single source file is called, it redirects to another page thereby not revealing the original page. As far as I can tell J2ME is still client-side Java, thus anyone can download the file and view its source. The only way to really prevent your scripts from being "seen" is to run it server side, i.e. PHP. PHP code cannot be seen 95% of the time.

It asks for a user name and password (which I didn't have) and then displays the 404 error page. Looks secure enough.

Then it should be secure from the looks of things? They not only need a password to access the directory, but even if they do, they can't view the contents; the only way they can get the files is through FTP access. Is there any way ANYONE could break through the security I have implemented though?

Not that I know of really. If they do gain access to the .htpasswd file (think that is the filename) the password is encrypted anyway, and I think cPanel auto makes this forbidden as well, so they have no luck that way. The only way really is brute forcing the username and password to get in, and even if it was the best protected in the world, and somebody bruteforced the username and password, they could get in (within reason). I don't think there are any bruteforce protection scripts out there.

I remembered the way to stop bruteforce would be to disable any login attempts if the user fails to type in the right password in 3 attempts. I do not know whether this is implemented in cPanel though, or is this a feature we would have to implement ourselves?
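
Added example, not part of the thread and not a cPanel feature: the "3 failed attempts" idea from the post above, done as detection over the web server's access log (it reports sources, it does not block them). It assumes Apache common/combined log format and a hypothetical protected directory `/src/`; the log lines are constructed samples.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: host ident user [time] "request" status ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?:\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_login_sources(lines, prefix="/src/", limit=3, window=timedelta(minutes=5)):
    """Return {ip: time of the limit-th failure} for clients that sent `limit`
    wrong passwords for `prefix` (hypothetical path) within `window`."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] != "401" or not m["path"].startswith(prefix):
            continue
        # A 401 with user "-" is the browser's first request without
        # credentials (it triggers the password popup), not a wrong password.
        if m["user"] == "-":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= limit and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2024:10:00:00 +0000] "GET /src/ HTTP/1.1" 401 381',
    '198.51.100.7 - darran [12/Mar/2024:10:00:05 +0000] "GET /src/ HTTP/1.1" 401 381',
    '198.51.100.7 - darran [12/Mar/2024:10:00:09 +0000] "GET /src/ HTTP/1.1" 401 381',
    '198.51.100.7 - admin [12/Mar/2024:10:00:12 +0000] "GET /src/ HTTP/1.1" 401 381',
    '203.0.113.20 - - [12/Mar/2024:10:01:00 +0000] "GET /src/ HTTP/1.1" 401 381',
    '203.0.113.20 - darran [12/Mar/2024:10:01:04 +0000] "GET /src/ HTTP/1.1" 401 381',
    '203.0.113.20 - darran [12/Mar/2024:10:01:10 +0000] "GET /src/ HTTP/1.1" 200 512',
    '192.0.2.44 - tom [12/Mar/2024:10:00:00 +0000] "GET /src/a.java HTTP/1.1" 401 381',
    '192.0.2.44 - tom [12/Mar/2024:10:10:00 +0000] "GET /src/a.java HTTP/1.1" 401 381',
    '192.0.2.44 - tom [12/Mar/2024:10:20:00 +0000] "GET /src/a.java HTTP/1.1" 401 381',
]

if __name__ == "__main__":
    for ip, when in failed_login_sources(SAMPLE).items():
        print(f"{ip} reached the failure limit at {when.isoformat()}")
```

Only the first sample client is reported: the second mistyped once and then logged in, and the third spread its failures over more than the five-minute window.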
