Permissions for Picture Folder.

[morestar]

Hello and thank you for your time and contributions.

My problem is the following: On one of my sites I have pictures in a particular directory. I'm trying to block the viewing up this directory and it's contents by accessing it via a browser but still want to allow my website to publish them.

I tried changing the permissions on the folder (to this and that) to no avail.

If someone has an idea or solution please advise.

Again thank you for your time evryone.

!!!

[Dubbya]

It would be helpful if you could tell us your server platform and a URL would be nice as well.

IIS?

Apache?

Are FrontPage extensions installed?

[morestar]

it is apache
i don't want to post the url cause of the security issue - as it stands it's being attacked almost daily...with executable files being uploaded into the directory...

[wige]

Let me be sure I understand the situation. You have a folder which contains the images for your site, and you are trying to block the viewing of the contents of that folder?

Also, how are the executable files being uploaded? That is generally a more serious problem than the images being able to be downloaded.

[ran_dizolph]

Just drop an index file in the folder that redirects the user back to your homepage or something.

[imvain2]

for the picture accessing on apache..

you can create a .htaccess file and store it in the root directory of your website.

Code:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpe [L]

Stop Hotlinking with htaccess. Test your Image Hotlink Protection with our Hotlink Checker from altlab.com.

plus as ran_dizolph pointed out, create an index.php file and drop it into your image folder. Have index.php redirect users to the home page.

--------------------------------------------------------------

As for uploading bad files, this is a different issue all together.

[incrediblehelp]

Why not block the folder with htaccess?

.htaccess tricks and tips.. part one: tips, tricks, hints, examples; juicy .htaccess information.

[vwickam]

There are a few things that could help this situation.

First, make sure that your permissions of the folder and the files in it are set to 744. You can do this from SSH or telnet by changing into that directory, and typing

chmod 744 *

This will ensure that the files and folder are readable, but not writable.

If you are still being attacked after doing this, you are probably either running an insecure application on your website, or you are on hosting that is not running at the most up-to-date patch level.

If you are running any 3rd party applications on your site - CMS's, message boards, etc. - make sure that you are running the current stable version of the software, and that it isn't an unsupported package (that it has been updated fairly recently.)

If you aren't running any 3rd party apps, your webhost may be running an out of date version of PHP, MySQL, Perl, or Apache which may have vulnerabilities that are being exploited.

Good luck!

<in your signature only please>

[morestar]

but one thing they seem to be able to do is upload files to the folder. Actually, all members are able to and their pictures viewable from a browser.

i changed the permissions to 751 and this disallowed viewing the pictures from the browser but allows the member pictures to be displayed throughout the site. setting the permissions to 750 stop the members from uploading pictures.

I also have everything setup in my ini file and .htaccess but...to no avail...

in the next few days some geek that thinks defacing my pictures folder is impressive.

[imvain2]

So, if you are wanting to allow the members to upload photos, but only photos. Why not alter the upload script to only allow, jpg, png and gif files?

[morestar]

Quote:

Originally Posted by imvain2

So, if you are wanting to allow the members to upload photos, but only photos. Why not alter the upload script to only allow, jpg, png and gif files?

that is my problem and I'm looking into it right now...this may take some time...

[imvain2]

depending on the programming language, this could be really simple.

If you want post, just the upload script and I'm sure someone can update it for you.