Code: Select all
<html><body bgcolor="#FFFFFF"></body></html>Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
You must be on some pathetic hosting that all of your directories are open like that, by default. Do a little searching on the internet, about apache.joomx wrote:For me the latest (1.4.0.0) has a high security leak: empty folders - e.g. try: http://demo.opencart.com/catalog/.
I mean every folder within the OC installation is NOT secured (if directory listing is enabled and no rewrite in the .htaccess is given).
An easy fix for this could be putting an index.html in each OC folder like:Better than nothing and will not blast the package too much.Code: Select all
<html><body bgcolor="#FFFFFF"></body></html>
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
In this day and age, with apache, I really don't think developers need to waste their time putting stupid index.html files into every blank folder.joomx wrote:Try the link i provided ... and than talk with Daniel.
Because of my experience, I know too many provider having this open.
Or/and I know many website owners they do NOT know what they are doing and enabling this setting in their cpanel!
Maybe I am paranoid, but about security no discussion (more this issue is solved with really nothing).
Apache does allow a good htaccess method of doing it.joomx wrote:For me the latest (1.4.0.0) has a high security leak: empty folders - e.g. try: http://demo.opencart.com/catalog/.
I mean every folder within the OC installation is NOT secured (if directory listing is enabled and no rewrite in the .htaccess is given).
An easy fix for this could be putting an index.html in each OC folder like:Better than nothing and will not blast the package too much.Code: Select all
<html><body bgcolor="#FFFFFF"></body></html>
Code: Select all
<? header("Location: ../"); ?>
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
What I am saying is, chose another hosting company then. By default, when a shared hosting or a VPS is created, it should be automatically secured, as far as folders. The message: get another hosting company.joomx wrote:But securing websites (and NOT trusting providers) should be one of the highest priority.
Because nobody can trust hist provider, or webmaster, or admin.
Well I am really sorry, but i own actually more than 15 servers.Yakiv wrote:What I am saying is, chose another hosting company then. By default, when a shared hosting or a VPS is created, it should be automatically secured, as far as folders. The message: get another hosting company.joomx wrote:But securing websites (and NOT trusting providers) should be one of the highest priority.
Because nobody can trust hist provider, or webmaster, or admin.
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
Users browsing this forum: No registered users and 132 guests
