IVERIFII.com - Everything IT
- by Mac Evangelist

Categories

Read iVerifii.com via Email

Your email address:

Powered by FeedBurner

MENU

May
29

Web Site Security Issue : Prevent the Directory Listing & Access.

written by IT Evangelist

There’s always something small and which is not so obvious to us, and this may cause us to overlook it.

We may consider a lot of steps and methods to protect our web sites from being hacked or being spammed from the front end interface, e.g : we might do a lot of thing to control the front end user login access and user registration verification process. Let’s imagine, we control from the front end, but we always over look the back door. Some site owner might consider that the hosting company should do all this for us, but what the hosting company can do is might be protect the server from being down, being spammed and so on, but to protect the web site file is our responsibilities for it.

Here I want to share a simple and easy issue which we should take into considerations, which is to avoid the files & directory listing from the browser. Most of the site now is built based on some popular framework and tools, e.g : WordPress, osCommerce, and etc. These programs are using the standard structure which using a default file and directory naming standard for everyone, every sites. If we didn’t protected the directory or file listing, an unauthorized users can access to our folder easily and more or less will know our sites structure. Thus, we should trying to avoid a directory and files listing.

Follow the following steps to Hide The Directory and File Listing :

  • Step 1 : Go to the File Manager from cpanel / admin panel ( or using FTP clients, access to the .htaccess file, and edit.
  • Step 2 : Add the line in the file, IndexIgnore * and Save it.

Extra Information :

  • Remember to check your .htaccess file permission is 0644.
  • Normally the .htaccess file is a hidden file, if you cannot view it from the cpanel-> File Manager, make sure you’ve choose the View Hidden File option from the File Manager.
  • Some new sites might not include this file, just create a dummy file from your text editor and save as .htaccesss and upload to the server.
  • If your Desktop Text Editor not allowed you to Save As .htaccess extension, just Save As any file name, then Upload to the server and Rename It through the cpanel-File Manager.

We can’t foreseen what people will do if they can access to our directory or file listing, but we just do our small part to make it more safe.

Leave a Comment - Here's your chance to speak.(eMail will not be published)

Look for It

Archives

Ads by Google