Go Back   vb.org Archive > Community Discussions > Forum and Server Management
Reload this Page Security help.
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 09-25-2009, 09:31 PM
Lautaro's Avatar
Lautaro Lautaro is offline
 
Join Date: Jan 2009
Location: United States
Posts: 233
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Security help.
Hello,

I've recently moved my forum to a dedicated server, it has windows server and now all the folders like includes, images, all can be viewed by anybody, i mean, if you go to myforum.com/includes I can see all the files that the folder has .. and there IS a index.html file but it still shows the folder content..

I have:

windows server 2003
for the webserver im using XAMPP

any idea of how to fix this?
Reply With Quote
  #2  
Old 09-25-2009, 09:43 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Remove the link to your forum from your sig.

Turn off your forums, remove your config.php file and change your username/password for your database. Update your config.php file to reflect them, but don't upload it until this issue is resolved.

Now go talk to your host about this issue. That should NOT be happening.
Reply With Quote
  #3  
Old 09-25-2009, 09:52 PM
Lautaro's Avatar
Lautaro Lautaro is offline
 
Join Date: Jan 2009
Location: United States
Posts: 233
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Okay, I did what you said..

now, I am my hosting xD .. I have a dedicated server with Softlayer .. And for the webserver I use a software called XAMPP, and I use windows server 2003 SP1 .. any ideas why the folder contens are displaying indead of a blank page?

if you need any more details let me know.

thanks!
Reply With Quote
  #4  
Old 09-25-2009, 10:11 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Open IIS, then properties for the virtual directory in the General tab un-check the Directroy Browsing option.
Reply With Quote
  #5  
Old 09-25-2009, 10:14 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Sorry, but I don't know windows servers at all, so I have no clue what the problem could be. You may want to search the Server Configuration forum over on vb.com

edit: Anthony to the rescue.
Reply With Quote
  #6  
Old 09-25-2009, 10:22 PM
Lautaro's Avatar
Lautaro Lautaro is offline
 
Join Date: Jan 2009
Location: United States
Posts: 233
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by snakes1100 View Post
Open IIS, then properties for the virtual directory in the General tab un-check the Directroy Browsing option.
I am not very experienced on this. Could you tell me where I find the IIS?

Thanks.
Reply With Quote
  #7  
Old 09-25-2009, 10:37 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
On the start menu, click administrative tools, and then click IIS manager.
Reply With Quote
  #8  
Old 09-25-2009, 10:44 PM
Lautaro's Avatar
Lautaro Lautaro is offline
 
Join Date: Jan 2009
Location: United States
Posts: 233
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hm.. seems like my dedi doesn't has that option, take a look:

http://geupload.com/images/administra.jpg

thanks

edit:

I made a support ticket on softlayer asking about IIS and they told me that they will check if I have it installed in my dedicated server.

thanks again for your support.

--------------- Added 25 Sep 2009 at 18:18 ---------------

Softlayer installed The IIS Manager to my dedi, but now, I can't find the options to disable the directory browsing option.

image:
http://geupload.com/images/iismanager.jpg
Reply With Quote
  #9  
Old 09-26-2009, 11:35 AM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Whats listed under the "+ default website" area?
Reply With Quote
  #10  
Old 09-26-2009, 12:45 PM
Angel-Wings's Avatar
Angel-Wings Angel-Wings is offline
 
Join Date: Sep 2007
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hmm - Xampp isn't using IIS

It's a typical Apache + MySQL combo so playing with IIS won't help at all. When using a Windows Server anyways you may change your setup to just use MySQL and as Webserver IIS + PHP as Isapi module.
Then setup IIS with directory permissions - like IP protection for "config.php" that only 127.0.0.1 can access it.

But - maybe thought about a managed server ? Just remember the worst case someone will abuse your server for sharing warez or even more bad things ?
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 09:05 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04496 seconds
  • Memory Usage 2,251KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete