Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Password Protect All Directories?
#1
Star 
Using cpanel password directories, are there any disadvantages of protecting all our directories except for our main forums off course...so member can come and go.

???

Thanks
#2
This user has been denied support. This user has been denied support.
I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.
#3
(2012-09-30, 04:25 AM)kamz89 Wrote: I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.

There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory
No longer involved in the MyBB project.
#4
Or a simple chmod 600 would do that too. Without the added layer of Apache controls via .htaccess.
#5
This user has been denied support. This user has been denied support.
(2012-09-30, 06:05 AM)Nathan Malcolm Wrote:
(2012-09-30, 04:25 AM)kamz89 Wrote: I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.

There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory

True but I'm always connected on a VPN so my IP changes everytime I connect to a VPN. I have to hide under a VPN due to privacy reasons and now due to this I can't deny all IPs because if I do then I would lock myself out of the ACP.
#6
If using password. So who can access your site?
#7
How do you password protect plugins?
#8
(2012-10-02, 01:16 AM)kamz89 Wrote:
(2012-09-30, 06:05 AM)Nathan Malcolm Wrote:
(2012-09-30, 04:25 AM)kamz89 Wrote: I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.

There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory

True but I'm always connected on a VPN so my IP changes everytime I connect to a VPN. I have to hide under a VPN due to privacy reasons and now due to this I can't deny all IPs because if I do then I would lock myself out of the ACP.

you are missing the point, just use deny from all and be done with it. no one, not even you on your own site, needs direct HTTP access to anything other the forum root, admin and uploads folders. using deny from all in htaccess does not impact php calling the files, nor (S)FTP access to the folder.
Lost interest, sold my sites, will browse here once in a while. It's been fun.
#9
This user has been denied support. This user has been denied support.
(2012-11-03, 03:08 AM)pavemen Wrote:
(2012-10-02, 01:16 AM)kamz89 Wrote:
(2012-09-30, 06:05 AM)Nathan Malcolm Wrote:
(2012-09-30, 04:25 AM)kamz89 Wrote: I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.

There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory

True but I'm always connected on a VPN so my IP changes everytime I connect to a VPN. I have to hide under a VPN due to privacy reasons and now due to this I can't deny all IPs because if I do then I would lock myself out of the ACP.

you are missing the point, just use deny from all and be done with it. no one, not even you on your own site, needs direct HTTP access to anything other the forum root, admin and uploads folders. using deny from all in htaccess does not impact php calling the files, nor (S)FTP access to the folder.

Oh shoot you have a point. I had to read your post three times to understand what you meant lol.

Just to stay on the safe side, I can deny access to all the folders except the forum root, uploads and admin and the forums denied direct access would not impact the way my site currently functions right?
#10
(2012-11-05, 02:35 AM)kamz89 Wrote:
(2012-11-03, 03:08 AM)pavemen Wrote:
(2012-10-02, 01:16 AM)kamz89 Wrote:
(2012-09-30, 06:05 AM)Nathan Malcolm Wrote:
(2012-09-30, 04:25 AM)kamz89 Wrote: I'm not sure but I think the images and upload folders will be a major problem. I would recommend password protecting the plugins and admin directory and make sure settings.php and config.php are CHMOD to 644.

There's no need to password protect directories that shouldn't be accessed by anyone, simply deny access to everyone in those directories. In this case you might as well deny access the whole ./inc/ directory as by default there aren't any client side resources uploaded there and it also protected config.php and settings.php.

http://www.mybbsecurity.net/topic-protec...-directory

True but I'm always connected on a VPN so my IP changes everytime I connect to a VPN. I have to hide under a VPN due to privacy reasons and now due to this I can't deny all IPs because if I do then I would lock myself out of the ACP.

you are missing the point, just use deny from all and be done with it. no one, not even you on your own site, needs direct HTTP access to anything other the forum root, admin and uploads folders. using deny from all in htaccess does not impact php calling the files, nor (S)FTP access to the folder.

Oh shoot you have a point. I had to read your post three times to understand what you meant lol.

Just to stay on the safe side, I can deny access to all the folders except the forum root, uploads and admin and the forums denied direct access would not impact the way my site currently functions right?

I think you could leave uploads, because it can be useful at times.
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)


Forum Jump:


Users browsing this thread: 1 Guest(s)