The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

FTP Security Hole & Site IP Restriction

Discussion in 'Data Protection' started by thehostingland, Aug 1, 2012.

  1. thehostingland

    Joined:
    Jan 5, 2012
    Messages:
    14
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Dear Forum Admins , Mods , Members ,

    I have a 2 question to get clarified now from you .Will tray to explain as much as i can .

    Q1 : For instance let the domain name be http://www.abc.com and i created some FTP Ac's via cpanel i.e., for instance mark@abc.com , sam@abc.com , peter@abc.com . Now if i enter ftp.abc.com via browser it asks for login details so as for now everything is perfect but my issue then is if i enter http://www.abc.com via browser since there is no index files it is directly listing all folder names and if i click any name for instance "mark" it is displaying all folder contents instead of asking ftp login details as i secured it earlier via ftp.Even if i create a index file to hide the folder list view in home page if someone knows the name mark he can directly enter without details via browser like http://abc.com/mark :( .So, kindly guide me now with the steps how to protect the ftp folders even in HTTP search instead of FTP search alone .

    Q2 : I am basically a Web designer , Now i am on a project where i want only me and my client to see the working site on the cpanel , exactly to say i want only my clients IP and my IP to get allowed to view the site till the site came for final version . SO ,kindly guide me on making the IP restriction to particular cPanel in WHM that too allowing only two ip's . NOTE : We both have static IP :)
     
    #1 thehostingland, Aug 1, 2012
    Last edited: Aug 1, 2012
  2. CitizenK

    CitizenK Well-Known Member

    Joined:
    Jun 5, 2012
    Messages:
    64
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    On The Road
    cPanel Access Level:
    Root Administrator
    Hello,

    Hopefully I can provide some clarification to your issue. From the above description it sounds like you are using ~/public_html/mark as the ftp home for mark. By default you will be able to see all of the files uploaded by mark because his ftp home directory is in the public_html folder.

    To secure that directory you can use the Password Protect Directories option in the cpanel interface to require a user to have to authenticate before being able to view the directory. The passwords and users will not sync between the http authentication (the Password Protected Directories) and the ftp authentication (used by the ftp accounts) so you will be able to manage access for each separately. This will allow you to add users who can view the site without allowing them to edit it.

    Regarding your second question, I would recommend using the Password Protected Directories mentioned above to control access. However if you do want to limit access by only certain IPs, you would have to use an .htaccess file in the directory you are protecting to achieve this. If you were blocking everyone but the two IPs 1.2.3.4 and 4.3.2.1 your .htaccess file may look like this:

    Code:
    AuthName "Client Area"
    AuthType Basic 
    <Limit GET POST>
    order deny,allow
    deny from all
    allow from 1.2.3.4
    allow from 4.3.2.1
    </limit>
    You would want to place that in the directory that you would want to protect. Note that often ftp clients & the cPanel file manager will hide files that start with a peroid. You will have to enable viewing of hiden files to work with the .htaccess files.

    In the cPanel file manager you can do this by by checking "Show Hidden Files (dotfiles)." on the Directory Selection screen when you open the file manager.

    You can read more about .htaccess files in the following forum thread.
    http://forums.cpanel.net/f185/restrict-access-site-ip-address-158193.html

    Please let us know if you have any questions,
     
  3. thehostingland

    Joined:
    Jan 5, 2012
    Messages:
    14
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Twitter:
    Thanks , That solves my issue ...

    Also i started creating rest of my accounts on the upper level directory of public_html so that it wont show in http area
     
Loading...

Share This Page