Tightening Up CMSMS Just A Bit

[Debon]

I am not sure if anyone else has noticed this but on ALL CMSMS websites that I have visited, it is possible to get behind the Opening page and view the site's directory structure and directory listing by simply typing "www.thesitename/images". This works for quite a few of the site's directories as well and not just the image directory. If CMSMS could be made to generate default index pages in ALL of its sub-folders that re-directed to the opening page, this would solve the problem. What does anyone think of this?

[bertmelis]

Could be a handy thing indeed!

But at my host I've got the directory listing disabled using an Apache .htaccess rule.

[moorezilla]

Yeah this:

Options -Indexes

in the .htaccess file should be all you need.

[Dr.CSS]

That same thing works on a lot of sites on the internet not just CMSMS.

[Debon]

That same thing works on a lot of sites on the internet not just CMSMS.

Maksbud, I know that it happens on a lot of other sites on The Net but because I believe CMSMS is the best there is, that is why I ask if it can be done to further set CMSMS apart from "the rest". This is not a criticism, its just a suggestion. I know that it can also be done using the .htaccess file but notwithstanding this, a lot of webmasters/site admins as you say, have not done so.

[DA]

Hi all ,

Me for one agree with Debon .

Being as green as grass to all this CMS and CMSMS , I did not know this one , it is now in the .htaccess . This to my tiny mind gives the idiots out there the directory list of your site , so they don't have to go hunting .

Can these sort of security hints and tips be pinned some where here for us not so bright types ?


Have a good day

DA

[bertmelis]

Mind that not everyone is able to use .htaccess on their hosts.

It could be good for those people to put an index.html with redirect in every folder.

[DA]

Hi bert ,

This is exactly what I mean . All of these things need to be listed some where , and also how to do it .

Even that one of yours , I guess that you assume everyone knows how to do that . What do you do , just chuck an empty index.html in every folder , if not , what is in it ?

I have been scouring these forums and picking up bits and pieces here and there , and picked up this one fpr the htaccess .

Have a good day

DA

[Dr.CSS]

I realize after rereading your post, I thought you meant www.mysite.com/someimage.jpg, doing mysite.com/images on any of my sites brings up a warning / error page... maybe 1and1 my hosting company is more restrictive than others...

http://www.multiintech.com/images


Error 403: Forbidden!

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated.

DA

actually most of the folders have a blank index.html in them...

[Debon]

I realize after rereading your post, I thought you meant www.mysite.com/someimage.jpg, doing mysite.com/images on any of my sites brings up a warning / error page... maybe 1and1 my hosting company is more restrictive than others...

http://www.multiintech.com/images


Error 403: Forbidden!

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated.

DA

actually most of the folders have a blank index.html in them...

Maksbud, to have a white blank page displayed or even the server generated 403 Forbidden message looks as though the site broke (i.e. although we know it didn't). In fact the default 404 and possibly the Site Down CMSMS messages could also be included in this feature request. IMHO if the page that is displayed is in keeping with the general look and feel of the site (i.e. the same template, stylesheets & banner images if any etc.) with say a 2 or 3 second delay and a re-direct to the opening page, it would look much more professionally complete. CMSMS is the best CMS around, and this is neither a criticism nor a major issue, its simply a suggestion. A small housekeeping script that can be run at any time probably from the admin screen could take care of this task very easily and it could also be used to remove/rename the install folder if that exists at run time as well. Here's hoping that the powers that be, at least consider this suggestion.

What would also be good for sites using the Apache web server is, if the default .htaccess file could include coding to guard against the leeching of images from CMSMS sites for the most popular image types e.g. jpg, gif & png etc. with a very small default CMSMS noleech image.

I know that these are issues which in all fairness are peripheral to the central purpose of a content management system, however I am sure we will all agree that it is those CMSes with the most additional features that come bundled with the software that will remain on top of and by extension, apart from, "the rest". CMSMS is the best and let us try to keep it that way. CHEERS!!!!!!!