vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Forum and Server Management (https://vborg.vbsupport.ru/forumdisplay.php?f=232)
-   -   Security help. (https://vborg.vbsupport.ru/showthread.php?t=223963)

Lautaro 09-25-2009 09:31 PM
Security help.
 
Hello,

I've recently moved my forum to a dedicated server, it has windows server and now all the folders like includes, images, all can be viewed by anybody, i mean, if you go to myforum.com/includes I can see all the files that the folder has .. and there IS a index.html file but it still shows the folder content..

I have:

windows server 2003
for the webserver im using XAMPP

any idea of how to fix this?

Lynne 09-25-2009 09:43 PM
Remove the link to your forum from your sig.

Turn off your forums, remove your config.php file and change your username/password for your database. Update your config.php file to reflect them, but don't upload it until this issue is resolved.

Now go talk to your host about this issue. That should NOT be happening.

Lautaro 09-25-2009 09:52 PM
Okay, I did what you said..

now, I am my hosting xD .. I have a dedicated server with Softlayer .. And for the webserver I use a software called XAMPP, and I use windows server 2003 SP1 .. any ideas why the folder contens are displaying indead of a blank page?

if you need any more details let me know.

thanks!

snakes1100 09-25-2009 10:11 PM
Open IIS, then properties for the virtual directory in the General tab un-check the Directroy Browsing option.

Lynne 09-25-2009 10:14 PM
Sorry, but I don't know windows servers at all, so I have no clue what the problem could be. You may want to search the Server Configuration forum over on vb.com

edit: Anthony to the rescue. :)

Lautaro 09-25-2009 10:22 PM
Quote:
Originally Posted by snakes1100 (Post 1890646)
Open IIS, then properties for the virtual directory in the General tab un-check the Directroy Browsing option.
I am not very experienced on this. Could you tell me where I find the IIS?

Thanks.

snakes1100 09-25-2009 10:37 PM
On the start menu, click administrative tools, and then click IIS manager.

Lautaro 09-25-2009 10:44 PM
Hm.. seems like my dedi doesn't has that option, take a look:

http://geupload.com/images/administra.jpg

thanks

edit:

I made a support ticket on softlayer asking about IIS and they told me that they will check if I have it installed in my dedicated server.

thanks again for your support.

--------------- Added 25 Sep 2009 at 18:18 ---------------

Softlayer installed The IIS Manager to my dedi, but now, I can't find the options to disable the directory browsing option.

image:
http://geupload.com/images/iismanager.jpg

snakes1100 09-26-2009 11:35 AM
Whats listed under the "+ default website" area?

Angel-Wings 09-26-2009 12:45 PM
Hmm - Xampp isn't using IIS ;)

It's a typical Apache + MySQL combo so playing with IIS won't help at all. When using a Windows Server anyways you may change your setup to just use MySQL and as Webserver IIS + PHP as Isapi module.
Then setup IIS with directory permissions - like IP protection for "config.php" that only 127.0.0.1 can access it.

But - maybe thought about a managed server ? Just remember the worst case someone will abuse your server for sharing warez or even more bad things ?


All times are GMT. The time now is 02:23 AM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00996 seconds
  • Memory Usage 1,729KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete