View previous topic :: View next topic |
Have you Ever got Hacked? |
Yes |
|
20% |
[ 1 ] |
No |
|
80% |
[ 4 ] |
|
Total Votes : 5 |
|
Author |
Message |
sunli -
Joined: 27 Apr 2007 Posts: 57 Location: Austin
|
Posted: Wed Sep 26, 2007 12:42 pm Post subject: protecting .txt files? |
|
|
how can i protect .txt files on my webserver being open and viewed by public?
im running abyss webserver x2 2.3.2 |
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Wed Sep 26, 2007 12:54 pm Post subject: Re: protecting .txt files? |
|
|
sunli wrote: | how can i protect .txt files on my webserver being open and viewed by public?
im running abyss webserver x2 2.3.2 |
Use protected folders and set it so you need a password to get into the folder. Store all your text files in there. If they are needed for a script, thats fine as the scripting language will be able to access it fine.
If you're storing passwords in plain text format I suggest you don't. This is a really useless way of doing it. You should use MD5 encryption at the very least. You can also make it more secure by doing
Code: | md5("randomlettersyouset".$password); |
which means you have to put some letters infront of it which never change. That way the hash is never just a hash of the plain password, which could be easily bruteforced if the hash was found.
I hope you understood all of that. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
rrinc -
Joined: 24 Feb 2006 Posts: 725 Location: Arkansas, USA
|
Posted: Wed Sep 26, 2007 10:09 pm Post subject: |
|
|
Couldn't you rewrite the url for txt files to a 403 page or something? _________________ -Blake | New Server :D
SaveTheInternet
Soy hispanohablante. Puedes contactarme por mensajes privados. |
|
Back to top |
|
|
sunli -
Joined: 27 Apr 2007 Posts: 57 Location: Austin
|
Posted: Wed Sep 26, 2007 10:15 pm Post subject: |
|
|
rrinc wrote: | Couldn't you rewrite the url for txt files to a 403 page or something? |
i can't because my version of the webserver is 2.3.2 |
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Thu Sep 27, 2007 8:10 am Post subject: |
|
|
sunli wrote: | rrinc wrote: | Couldn't you rewrite the url for txt files to a 403 page or something? |
i can't because my version of the webserver is 2.3.2 |
Then you should upgrade to the latest version. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
sunli -
Joined: 27 Apr 2007 Posts: 57 Location: Austin
|
Posted: Thu Sep 27, 2007 12:31 pm Post subject: |
|
|
AbyssUnderground wrote: | sunli wrote: | rrinc wrote: | Couldn't you rewrite the url for txt files to a 403 page or something? |
i can't because my version of the webserver is 2.3.2 |
Then you should upgrade to the latest version. |
my update this is expired for 1 year.. |
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Thu Sep 27, 2007 12:34 pm Post subject: |
|
|
sunli wrote: | AbyssUnderground wrote: | sunli wrote: | rrinc wrote: | Couldn't you rewrite the url for txt files to a 403 page or something? |
i can't because my version of the webserver is 2.3.2 |
Then you should upgrade to the latest version. |
my update this is expired for 1 year.. |
Unfortunately you can't update without paying for extra update protection. If you have left it too long however you will have to pay for a brand new license. Contact aprelium to see how much it would cost you to get more update protection.
Either that or use the latest Abyss X1. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
sunli -
Joined: 27 Apr 2007 Posts: 57 Location: Austin
|
Posted: Thu Sep 27, 2007 10:47 pm Post subject: |
|
|
AbyssUnderground wrote: | sunli wrote: | AbyssUnderground wrote: | sunli wrote: | rrinc wrote: | Couldn't you rewrite the url for txt files to a 403 page or something? |
i can't because my version of the webserver is 2.3.2 |
Then you should upgrade to the latest version. |
my update this is expired for 1 year.. |
Unfortunately you can't update without paying for extra update protection. If you have left it too long however you will have to pay for a brand new license. Contact aprelium to see how much it would cost you to get more update protection.
Either that or use the latest Abyss X1. |
is there any scripts for to use html rewrite. i don't want to pay extra |
|
Back to top |
|
|
pkSML -
Joined: 29 May 2006 Posts: 952 Location: Michigan, USA
|
Posted: Thu Sep 27, 2007 11:59 pm Post subject: Re: protecting .txt files? |
|
|
AbyssUnderground wrote: | sunli wrote: | how can i protect .txt files on my webserver being open and viewed by public?
im running abyss webserver x2 2.3.2 |
Use protected folders and set it so you need a password to get into the folder. Store all your text files in there. If they are needed for a script, thats fine as the scripting language will be able to access it fine.
|
Do you know how to do that? I know this will work for your version. It's the easiest way. It will deny access to any unauthorized user for an entire directory. _________________ Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
Back to top |
|
|
admin Site Admin
Joined: 03 Mar 2002 Posts: 1300
|
Posted: Fri Sep 28, 2007 2:07 am Post subject: Re: protecting .txt files? |
|
|
sunli,
There is an easy way to protect a certain type of files or a directory from being served (starting from version 2.0).
Just create an "IP Address Control" rule which:
* Virtual path is:
* Order is "Allow/Deny"
* "Denied IP addresses" contains * (which means deny all IP addresses).
With that rule, any one accessing your .txt pages will get a 403 Forbidden error. _________________ Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
Back to top |
|
|
|