Hey,
How come anyone can download from /admin/backup/? Is there anyway so that nobody on the internet can download /admin/backup/backupxxxxxxxxx.tar??
I tried to change the CHMOD to 722 it does the trick, but then the AdminCP tells me that it can't read the contents of /admin/backup...
Mine is CHMOD 777 and it does not let people download from it.
sure it does, you can't view the directory, but if you know the exact FILENAME, you can download from it.
Prudens,
Create a .htaccess and .htpasswd file and place them inside your Backup Directory.
This fixes that problem, If you have any other problems I would be happy to assist you.
Thanks,
- Aaron
EDIT: How to create a .htaccess and .htpasswd file. (
See Below)
1) Open NotePad or a Word Editor and put the following inside.
AuthName "Backup Directory"
AuthType Basic
AuthUserFile /full/directory/to/.htpasswd <--(PLACE YOUR INFO HERE TO WHERE .htpasswd is at!)
Require valid-user
Save and name it .htaccess make sure its not saved as a .TXT file!
2) Open NotePad or a Word Editor and put the following inside.
username:password
Save and name it .htpasswd make sure its not saved as a .TXT file!
Who's going to be able to guess a 71 character long string of random numbers?? It'd be impossible to guess and would take years to brute force it.