The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

a security question

Discussion in 'Security' started by mahdionline, Aug 9, 2004.

  1. mahdionline

    mahdionline Well-Known Member

    Joined:
    Oct 18, 2003
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    if a folder or root directory havnot a index page, when a user call that domain or folder , it see the list of files in that folder. :(


    what can i do to avoid displaying the files in any folder that havenot an index page. !

    Regard
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  3. eazistore

    eazistore Well-Known Member

    Joined:
    Nov 7, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Singapore
    Hi mahdionline,

    I suggest you to disable some php functions.
    Add the following line in your php.ini should work:

    (locate at /usr/local/lib/php.ini if you are using cpanel)
    disable_functions =
    dl,exec,passthru,proc_open,proc_close,shell_exec,system,popen

    then restart your httpd.

    But please be warn. If any php scripts stop working, you can edit this line dl,exec,passthru,proc_open,proc_close,shell_exec,system,popen to tune it.

    I have help a friend with that and also, when I try to use your mention script to call via http, it shows error. Try it and you shall see the result.

    Lastly,
    Please make a backup copy of your php.ini
     
  4. SarcNBit

    SarcNBit Well-Known Member

    Joined:
    Oct 14, 2003
    Messages:
    1,010
    Likes Received:
    3
    Trophy Points:
    38
    I think you meant to post this in his other thread (#2).

    This is a noindex issue.
     
  5. eazistore

    eazistore Well-Known Member

    Joined:
    Nov 7, 2003
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Singapore
    Oh yes, this should be posted in the other thread (2).
    My mistakes... sorry :(
     
  6. mahdionline

    mahdionline Well-Known Member

    Joined:
    Oct 18, 2003
    Messages:
    127
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    I'm confused :

    I see , we have two httpd.conf on our server :

    usr/local/apache/conf/httpd.conf
    and
    etc/httpd/conf/httpd.conf

    Which one is master file ?
    I add -Indexes to my /usr/local/apache/conf/httpd.conf file and then restart apache from whm, but the problem donot solved and still i can the contain of a folder that havnot index page.
    Regard
     
    #6 mahdionline, Nov 24, 2004
    Last edited: Nov 24, 2004
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    They're the same file - the directory above is a symlink.

    You should follow the thread I posted in my reply.
     
Loading...

Share This Page