Announcement

Collapse
No announcement yet.

Insecure actinic websites?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Insecure actinic websites?

    Whilst struggling to build my actinic site, I put "NETQUOTEVAR" into google and searched on it.

    I was very surprised at the results returned.
    On an awful lot of sites you could click the link from google and remove the .html extension ie:- "www.mysite.com/actinic/" hit return and you can see all the files on the website and move freely around the directories.

    Is this because the "allow browsing option" left unchecked on the permissions side of the webserver?

    Some sites had it correct in the way that you just returned to the shopfront, but not many.

    #2
    These sites seem to have chosen (for some wierd reason) to name the top-level page of their catalog to something other than index.html and also have a server set to display directory contents.

    As long as you leave the index.html as the default top level page name in the acatalog directory then the directory listing should never appear.

    If you really had to have the acatalog top-level called something other than index.html then just put in a dummy index.html (maybe with a meta refresh tag to take the user to the correct place) and all will be safe.

    Norman
    Norman - www.drillpine.biz
    Edinburgh, U K / Bitez, Turkey

    Comment


      #3
      I came across exactly the same thing on my site, fortunately before it went live

      The thread is here

      Comment

      Working...
      X