protect your tmp directory

Do something cool with CMS? Show us ...
This board is for 'Answers', and the discussion of answers... Not for questions.
Post Reply
staartmees
Power Poster
Power Poster
Posts: 1049
Joined: Wed Mar 19, 2008 4:54 pm

protect your tmp directory

Post by staartmees »

to prevent hacking or abuse of your site, it's best to protect your tmp-directory with a .htaccess-file.

Order Deny,Allow
Deny from all

Allow from 127.0.0.1
Top
Pierre M.

Re: protect your tmp directory

Post by Pierre M. »

I like this tip. I like such tips.

Pierre M.
Top
Nick Smart
Forum Members
Forum Members
Posts: 116
Joined: Mon Jul 28, 2008 4:48 pm
Location: Cambridge, UK

Re: protect your tmp directory

Post by Nick Smart »

Thanks for your suggestion, unfortunately it prevents the captcha image from displaying on my contact form - CMSMS 1.4.1, Form Builder 0.5.3, Captcha 0.3.1, Linux/PHP5/MySQL

Nick
Top
cyberman

Re: protect your tmp directory

Post by cyberman »

Try this

Code: Select all

<Files *.php>
    Order deny,allow
    Deny from All
</Files>
so only executable php files will be blocked.
Top
Nick Smart
Forum Members
Forum Members
Posts: 116
Joined: Mon Jul 28, 2008 4:48 pm
Location: Cambridge, UK

Re: protect your tmp directory

Post by Nick Smart »

Is there any reason that couldn't be added to the htaccess in the root?

Nick
Top
cyberman

Re: protect your tmp directory

Post by cyberman »

If you block php files from root CMSms cannot running :) ...
Last edited by cyberman on Tue Aug 26, 2008 11:44 am, edited 1 time in total.
Top
Nick Smart
Forum Members
Forum Members
Posts: 116
Joined: Mon Jul 28, 2008 4:48 pm
Location: Cambridge, UK

Re: protect your tmp directory

Post by Nick Smart »

Yes, index.php, etc. need access, I was thinking more of using it as a way to block lib, modules, plugins but just didn't write the question very well.

Nick
Top
cyberman

Re: protect your tmp directory

Post by cyberman »

You can use the same like I've posted for uploads folder. For /libs you can use

Code: Select all

order deny,allow
deny from all
<Files ~ ".*\.css|.*\.js|.*\.gif|.*\jpe?g|editor.php|thumbs.php|images.php|editorFrame.php$">
Order deny,allow
Allow from all
</Files>
Something more about CMSms and security you can find here

http://wiki.cmsmadesimple.org/index.php ... mall_Guide
Top
User avatar
blast2007
Power Poster
Power Poster
Posts: 508
Joined: Wed Aug 01, 2007 5:36 pm

Re: protect your tmp directory

Post by blast2007 »

cyberman wrote: Something more about CMSms and security you can find here

http://wiki.cmsmadesimple.org/index.php ... mall_Guide
Hi all,

can you think we can add a related section into wiki guide?

Could be useful?

Regards
blast
Top
cyberman

Re: protect your tmp directory

Post by cyberman »

Ähmm, what you want to add ??? ?
Top
User avatar
blast2007
Power Poster
Power Poster
Posts: 508
Joined: Wed Aug 01, 2007 5:36 pm

Re: protect your tmp directory

Post by blast2007 »

cyberman wrote: Ähmm, what you want to add ??? ?
Something like:

"You can add .htaccess files to protect these directories:
/tmp
/libs
/uploads
...

Here suggested configuration for each one:
...
..."
Top
cyberman

Re: protect your tmp directory

Post by cyberman »

On the posted link there was some informations like I've posted - now I've added the informations from this thread :) ...
Top
User avatar
blast2007
Power Poster
Power Poster
Posts: 508
Joined: Wed Aug 01, 2007 5:36 pm

Re: protect your tmp directory

Post by blast2007 »

cyberman wrote: On the posted link there was some informations like I've posted - now I've added the informations from this thread :) ...
Ok thanks!
Top
Post Reply

Return to “Tips and Tricks”