Posted

I just caught someone rummaging around in my /phpvms/lib directory. One can assume someone wanted the code from one of my templates. Does anyone know of a way to prevent access to the directories without hampering the operation of the site?

As for the person who did it, he or she was probably unaware that I log every access to the site and have their IP address, country, browser and system information. If that kind of activity continues, I will gladly publish it all over the internet.:angry:

Posted

Make a new text file, rename it "index.html" or "index.php", write whatever you want in it and upload it to all the directories that previously would show the directory listing (don't have an index.html or index.php). Make sure you don't replace any files.

Posted

Sometimes, incidents like this serve a useful purpose. I hadn't paid too much attention to securing certain things. After all, it's a VA, not the CIA or MI6. However, I spent most of yesterday taking care of business. I adjusted my .htaccess file so it is no longer possible to browse directories. I also added index.php pages to those directories that might be tempting. Those pages contain a script that provides me with information on who is attempting to view those directories.

Then, I went a bit further. I blocked a few countries I'm not on good terms with, I blocked anonymous proxy servers and so-called "bad" bots. (I didn't know there was such a thing as good bots.) And, to tidy things up, configured things so the server will not show what is in my .htaccess or other configuration files.

All in all, it was a fun day.:)

Posted

There are a number of sites that describe all the options available in .htaccess, including the one Nabeel posted in this thread. Google is your friend. They will probably describe things better than I would. If you want to block whole countries, Country IP Blocks has a nice way of preparing the entries you will need to deny access.

Posted

Thanks for the country link thing. So this 'code' literally just gets entered as text and all works fine? I have never used it before, so that is why I was wondering from someone who has. I am just not used to doing something "without" code, as it were.

  • Moderators
Posted

One time I got someone who was sneaking through my files, and I IP banned him and taught him a lesson on how not to go inside the files.

Posted

Thanks for the country link thing. So this 'code' literally just gets entered as text and all works fine? I have never used it before, so that is why I was wondering from someone who has. I am just not used to doing something "without" code, as it were.

Yep. Make sure the radio button for deny access is selected before you generate the code.

Just so you know what it looks like, here is a sample.

## Country: CONGO, THE DEMOCRATIC REPUBLIC OF THE

# ISO Code: CD

# Total Networks: 10

# Total Subnets: 16,896

deny from 41.78.104.0/22

deny from 41.79.232.0/22

deny from 41.189.192.0/19

deny from 41.190.80.0/22

deny from 41.215.252.0/22

deny from 41.222.196.0/22

deny from 41.222.216.0/22

deny from 41.223.104.0/22

deny from 193.110.104.0/23

deny from 196.22.8.0/22

It is all plain text and the .htaccess file goes in your root HTML folder.
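
The measures described in this thread (no directory browsing, configuration files not served, and a deny list in the form of the sample above), combined into one .htaccess as an added example that is not from any poster here. The file-extension pattern and the 192.0.2.0/24 range are placeholders chosen for illustration, and the file assumes the host's AllowOverride setting permits Options, Limit and AuthConfig.

```apache
# Added example, not from the thread. Goes in the root HTML folder.

# 1. Do not generate a listing for directories that lack an index file.
Options -Indexes

# 2. Refuse HTTP requests for .htaccess/.htpasswd and for config, log and
#    backup files. The extension list is an assumption; adjust it to your
#    site. PHP include()/require() read from disk, so the site keeps working.
<FilesMatch "(^\.ht|\.(ini|log|bak|sql|inc)$)">
    <IfModule mod_authz_core.c>
        # Apache 2.4 syntax
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2 syntax
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# 3. Block address ranges. 192.0.2.0/24 is a reserved documentation range
#    used here as a placeholder for the generated entries.
<IfModule mod_authz_core.c>
    # Apache 2.4: a negated Require must sit inside RequireAll
    # next to at least one positive rule.
    <RequireAll>
        Require all granted
        Require not ip 192.0.2.0/24
    </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2: same form as the generated "deny from" lines.
    Order deny,allow
    Deny from 192.0.2.0/24
</IfModule>
```

Generated `deny from` lines like the sample above are Apache 2.2 syntax; on Apache 2.4 they only work when mod_access_compat is loaded. After uploading, request a directory without an index file and the .htaccess file itself; both should return 403 Forbidden.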
