Jump to content
xisto Community
Sign in to follow this  
mitchellmckain

Public Access To Subdirs In Public_html what is the security?

Recommended Posts

I know that subdirectories in public_html are accessible to the public on the web if you know their name (the name of the subdirectory). The question is whether there is any easy way to get at them if you do not know their name. Files in these subdirectories are conveniently accessible to you on the web, but how secure are they? Do web crawlers find them and make them accessible to a search even if they contain no html files?

Share this post


Link to post
Share on other sites

See the best way to protect these subfolders is to chmod them to +750 - that way no one from the outside world can get to those directories - but your own files in the main directory can call them and read off them...A good way of stopping bots from indexing these is to play around with the settings in robots.txt file ORI'd suggest an alternative method - I find very useful. Create a completely blank index.html file with just <HTML></HTML> tags and place it in these directories. When the bots - or any random surfer gets to your directory by guesswork - they're forced to a dead halt right there with a completely blank page... Otherwise, say, if your directory contains only images, anyone can view all your images in a directory listing format by entering the whole URL+directory in the browser.. but having a blank index.html stops that completely. That way you don't even need to mess around with chmod. Simple but Very Effective :PRegards,m^e

Share this post


Link to post
Share on other sites

All this is useful info, but....Won't the chmod and blank index.html block my own easy access too? Does the 'no indexing' just block the web crawlers or does it just mean you cannot see the directory contents of the subdirectory?The idea is to have a subdirectory only I know about so I can easily call it up on the web and as long as no one else knows the name of the subdir they cannot get to it. So I guess I just need to block the web crawlers since apparently (if I understand you) the index.html blocks public access to the directory listing of the public_html directory. So no one can find out the name of the subdirectory if they do not know it already, right?how do the webcrawlers find it?

Share this post


Link to post
Share on other sites

I dunno about the cPanel indexing thingie - my guess is that it writes some code into the robots.txt file with a "nofollow" so that directory wouldn't be indexed by the robots.Webcrawlers, obviosuly index by following links... they cannot start making up random directory names - so in case u have some private folder deep within the public_html which only you know of .. give it some random hex name (like a4b1c8d0) or sumthing - and you've got some index.html/php in place in the root public_html folder (which doesn't have any sort of link to this dir or to any page containing links to this dir) - they no crawler can get to ur folder...Still it is advisable that you place a small index.php script in this folder of yours that can ask for authentication - some password and only then let you into the dir.. that'd be a much better option..Regards,m^e

Share this post


Link to post
Share on other sites

What you're asking for sounds rather difficult to do. The first step would be to stop Search Engines getting to it - robots.txt is the ideal way, but I don't know how else to help you there. Sorry I can't be of much assistance.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.