MyBB Community Forums

Full Version: Where are attachments Saved?
yah quite

coz for a new folder on daily basis it would have too much rush out there in the uploads folder :)

and btw Matt

you forgot my CSS :(
(2008-09-06, 03:34 PM) youssef93 Wrote: Can I get access to my attachments anywhere else rather than the thread? Maybe FTP?

Yep, you can access them via FTP, but it might be hard to identify them because MyBB assigns new filenames. You can view the original names in the mybb_attachments table (using phpMyAdmin).

Quote: Finally, can a user do anything to directly reach an attachment they're not authorized to view by trying to somehow gain access to the directory where attachments are saved?

Possibly, if you have directory indexes enabled like Matt_ does (:p) or if they're able to guess the filename. You can easily secure your attachments by placing a .htaccess file in the uploads directory. This should work:

Options -Indexes

<Files post_*>
	Order Allow,Deny
	Deny from All
</Files>
(2008-09-06, 10:06 PM) WDZ Wrote: if you have directory indexes enabled like Matt_ does (:p)
Options -Indexes

<Files post_*>
	Order Allow,Deny
	Deny from All
</Files>

Isn't it meant to be like that?? :o
Will that code fix it for me too??
(2008-09-06, 10:09 PM) Matt_ Wrote: Isn't it meant to be like that?? :o

I don't think so... it's more secure to have indexes disabled by default, and only enable them for certain directories when you want people to be able to view the contents.

http://community.mybboard.net/uploads/200808/ <-- 403 Forbidden

Quote: Will that code fix it for me too??

Yeah, "Options -Indexes" will disable indexes for the uploads directory and all subdirectories. And it couldn't hurt to also deny access to all attachment files (they can still be accessed the normal way through attachment.php).
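
A static check for the two rules described above, as an added example that is not part of the original thread: it parses an uploads/.htaccess and reports whether directory indexes are off and whether a <Files> block denies a stored attachment name. The function name, the sample filename and the acceptance of the Apache 2.4 "Require all denied" form are assumptions made here.

```python
import fnmatch
import re

# From the thread: the .htaccess suggested for the uploads directory.
THREAD_HTACCESS = """Options -Indexes

<Files post_*>
	Order Allow,Deny
	Deny from All
</Files>
"""
# Constructed name; the thread only says stored attachment files match post_*.
SAMPLE = "post_1_1220700000.attach"

def audit_htaccess(text, sample=SAMPLE):
    """Return findings for an uploads/.htaccess; an empty list means both rules are present."""
    indexes_off = file_denied = False
    pattern, deny, allow = None, False, False  # state of the open <Files> block
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        low = line.lower()
        # Wildcard form only; the regex form (<Files ~ "...">) is not evaluated.
        opened = re.match(r'<files\s+"?([^">]+)"?\s*>$', line, re.I)
        if opened:
            pattern, deny, allow = opened.group(1).strip(), False, False
        elif low == "</files>":
            if pattern and deny and not allow and fnmatch.fnmatchcase(sample, pattern):
                file_denied = True
            pattern = None
        elif pattern:
            # Apache 2.2 "Deny from all" or Apache 2.4 "Require all denied"
            deny = deny or bool(re.fullmatch(r"deny\s+from\s+all|require\s+all\s+denied", low))
            allow = allow or bool(re.match(r"allow\s+from\s|require\s+all\s+granted", low))
        elif low.startswith("options"):
            opts = low.split()[1:]
            if "-indexes" in opts:
                indexes_off = True
            elif opts and not any(o[0] in "+-" for o in opts):
                # Absolute form (no +/-) replaces the whole option set.
                indexes_off = "indexes" not in opts and "all" not in opts
    findings = []
    if not indexes_off:
        findings.append("directory indexes are not disabled")
    if not file_denied:
        findings.append("direct requests for " + sample + " are not denied")
    return findings

if __name__ == "__main__":
    print(audit_htaccess(THREAD_HTACCESS) or "ok")
```

The check only reads the file; whether Apache honors it depends on the server's AllowOverride setting, so also confirm that a direct request for a file under uploads returns 403.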
If you're running MyBB on a free host, I think you have to go to the File Manager of your free host ACP, then go into uploads. I'm not sure, but this is just my opinion.