how do i protect a file directory from be accessed view a web browser but still allowing scripts like flash to access it?
i have a folder with xml files in it and i don't want a user pulling them up via there webbrowser.
I was on my visitors on AWstats, and when looking up most of the top IPs (the ones that viewed the most pages), most of them were associated with IANA, and tagged as spam/hacker IPs.
Of course, I've blocked all of those IPs with my .htaccess file, but how can I further protect my server from such threats? How can I rid my server of these spammers/hackers?
My company provides various reports and dynamic website content to clients whose websites we design and host as well as to clients who have their sites designed and hosted elsewhere. We do not want people to be able to easily link to our content or bring it up in an iframe or whatever unless they are a paid subscriber. We would like to be able to limit the content to the domains of paying clients and keep it from displaying elsewhere. Note also that out of several reports, publications and content we offer, clients can mix and match, subscribe to just one element or all of them (The subscription levels are managed by us on the back end.)
Currently we have a system that is built in Perl/Postgres SQL and it is problematic(constantly failing and not very secure) Also it requires that the content be loaded into an iframe on the client's site or linked directly. We would like a solution that is PHP-based and can talk to our existing database. We would also like to be able to display the content on the page without an iframe so it is more search engine friendly, etc.
An off-the-shelf solution would be preferable if one is available - and we like to support the open source community.
This is a quote from an unrelated thread in the Dedicated Server Forum, I didnt want to hijack the thread so thought I would bring my question over here:
Quote:
Originally Posted by HRDev Hady
I believe they use BurstNet, which isn't really a good choice for DDoS-prone sites as their Top Layer devices don't seem to handle attacks very well in my opinion. If you're running a DDoS prone site, you'd likely be better off with a DDoS-specialized provider such as Awknet, Staminus, or Black Lotus. But as mentioned, a lot of attacks can be stopped simply by proper tuning of your IP stack and some simple firewall rules.
My question is as a new Dedicated Server Owner what tuning and rules do I need to implement in order to protect me from these "small scale DDoS Attacks"?
I do not run a DDoS prone site(i hope not lol) but I want to secure myself as much as possible and have a headache free run other than the headaches I cause myself of course.
Is there any good way to be able to put an e-mail address on one's own Web site, without making it an image, and keep it from harvesting bots?
I found this site: [url] and was wondering if it's valid and workable.
I was curious to know if there's a way to protect memory for certain programs. I have a VPS that is fairly light on memory, and there's been a few occasions when a program/bug will go wild and eat up all the memory locking me out of ssh/webmin.
Is there any way I can protect certain memory for certain processes/programs. Ideally I'd like some way for ssh to stay up in all situations.
I had no problems protecting my webpages hosted by Yahoo, but cannot figure it out for Go Daddy. I'm using Hosting Configuration 1.0. Can anyone help?
My .htaccess and .htpasswd looks good to me, but still the webpages are not protected.
how to protect My datas about domains in My bind, when using command
a@r:~$host -l -t any example.com?
I am looking to backup client data to a second hard drive on the server. I was wondering if there is any way to protect this data from virus's or any other software attack that may compromise the server data.
View 9 Replies View RelatedI am seeing some some some strange behaviour when password protecting directories served by nginx and PHP-FPM. If I have a site set up so that 'Process PHP by nginx' is selected under ('Websites & Domains>Web Server Settings>nginx settings') and set up password protection ('Websites & Domains>Password-Protected Directories') PHP pages are still served without asking for a password.
If I untick 'Process PHP by nginx' the behaviour returns to normal and an attempt to any access files results in the password request.Is this behaviour by design? If so, it is not made clear when you set up the password protection that it will not apply to PHP pages if you have nginx process the PHP pages.
OS: CentOS 6.6 (Final)
Plesk version: 12.0.18 Update #51
I have a situation like this:
There is a directory say, "Master" and inside, "Master" there is sub-directory, "Slave". A user who has access to, "Master" should be able to access, "Slave" automatically. However, a user who has access to, "Slave" should not have access to, "Master". Inside cPanel this type of protection is not possible.
How do I direct my httpd file to point to:
home/USER/public_html
instead of:
C:Users estetc...
I want to do this to make my test server just like the remote server.
I want to move the entire contents of a directory tree to another directory.
So for example we may have a directory with 15 directories inside, each directory contains files itself. I want to copy all the files from the directory tree into another directory located somewhere else one the file system. I want only the "files" to end up in the other directory and not the file structure too.
Im running CENTOS latest version.
Which files could I safely delete/archive from the usr directory? Also, what is the command to list each subdirectory's size?
View 8 Replies View RelatedIf we want to Create output of "Tar" a directory ; to different server, how can we do that ?
I tried this command, but it does not works
tar -cvf oldserverzip.tar /directory | ssh newserver@newserver.com
Basically, what we want is to shift a site "dump" to another server, without creating a copy at source server (as there is no space available there to create a "dump")
Cpanel 11
Fedora
Is there any particular reason or advantage to having SSL files load from a different directory than the http files load?
for instance the http home files are in
/home/domain
is there any reason that an index.html (unsecure file) would need to redirect secure files from a directory?
how I go about unlocking my bin directory and making it writable again. I tried to do installworld with the latest freebsd release and as soon as it gets to the bin directory I get a permissions denied error. I looked at the permissions and ownership compared to another freebsd box and they all look the same. I tried to create a file by using touch just to test it and I received permission denied error.
View 3 Replies View RelatedI want to have a directory that i want to set up so you can only a script can see files in a directory. They will be getting the file names from the database, i have turned off directory browsing. I have also set up a Robots.txt and stopped robots from scanning the directory. Is there anything else i can do?
Also is there and software that allows you to download an entire site. Even if it is gigs of content. If so, how do i set it so it will stop that from happening. I am on linux. Centos running Cpanel.
I know that /www is an alias (symlink) for public_html, but I came across an account with virtual_html. Is there a difference between virtual_html and public_html?
And while I assume secure_html is for secure files, how does it tie in?
I'm trying to use SSH to delete a directory. It won't delete via FTP.
I've tried variations of the below but nothing seems to work;
rm -f [folder]
rm /-f [folder]
the directory that should be deleted is test.crossroadsclub.net, so I use that as the folder.
I need to make this writeable but I can't find it on my server with my FTPclient. Can someone tell me what it is and where it's likely to be?
Maybe I have to create one?
I have 10 GB partition and we have mount /var direcotry and now it has been full 97% what can i do and how to manage it and i have no other option because no other space is available to create new partition and mount there.
View 10 Replies View Relatedthe caching directory I created for eaccelerator deleted by itself. There are 2 copies of eaccelerator, one for apache and one for litespeed. The one for Apache got deleted today. Could it be due to the fact that the directory hasn't been modified or accessed in nearly 2 weeks? It's been that long since Apache was used.
View 4 Replies View RelatedHow do I do this in IIS
I need to be able to access resources such as PDFs, videos from my website once a user has logged in but I need to block users being able to access the resources from a url?
i updated my old pages on the ftp directory wwwroot.. i deleted the old files and inserted new pages with new names.. now i am not able to see the new website if i type the exact address..the old page is still being viewed. wheras if i omit the www part from the addres i am able to see the new page..
View 5 Replies View RelatedI want hide the directory of my site:
[url]
How to hide the content list there?
I would like to make some kind of script (probably .sh?) that automatically takes a directory, makes a copy of it then makes a gzip tar and then shoots it over to an FTP server. I would like this to happen twice a day (ie. every 12 hours).
View 13 Replies View RelatedI am running phpsuexec on the server and it seems all php.ini settings are being applied per directory, I would like to have them running per user.
View 6 Replies View RelatedI upgraded from Apache 1.3.7 to the latest copy
Everything works nicely, except the cgi-bin directory
When a user tries to access a script or even a standard text file, it throws up the error..
Not Found
The requested URL /cgi-bin/first.txt was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
When they try and access the cgi-bin directory itself, they get
Forbidden
You don't have permission to access /cgi-bin/ on this server
Now, I've checked the httpd.conf file and this is what it has for Cgi-bin
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>
<Directory "/usr/local/apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
And the error logs say..
[Sun Jan 20 18:09:56 2008] [error] [client xx.xx.xx.xx] File does not exist: /home/goewowc/public_html/404.shtml
[Sun Jan 20 18:09:56 2008] [error] [client xx.xx.xx.xx] script not found or unable to stat: /usr/local/apache/cgi-bin/first.txt
The CGI-bin directory is chmodded correctly, the files are also chmodded and belong to the correct group