Somebody uploaded some deconfig.asp file in my website root directory. I don't know how? When I checked the file owner, it was showing as IUSER iis user because my websites are running in IIS server 7.5. After uploading deconfig.asp file he just uploaded Google verification HTML file for verifying domain from Google webmaster tool. I am not able to find out how he was able to upload the file in website root directory without any login.
How did he upload the files in the server?
The possibility could be HeartBleed, but as Jhuliano said. It could be endless.
Which hosting server are you using? Is your Cpanel udated with latest code
Related
I deployed my app on cPanel. However, if you type 'mylink/'+app.js you have access to my app.js file and that goes for all other js files in my backend.
How can I revoke access to those files on cPanel without revoking access to all .js files?
Thanks
I tried going on Hotlink Protection and removing access to .js butt hat simply removed access to all javascript files.
How do I get a link to a file I have uploaded to my website?
I have uploaded a file to my website by going to Admin - File Manager then I uploaded the file to this destination *Portal Root\Pages\Customisation* how do I then get a link to the file I just uploaded?
The file is myFile.PDF so I have tried this path but it doesn't send me back the file:
http://mywebsite.com.au/Pages/Customisation/myFile.pdf
The "portal root" is typically housed in the directory "Portals/0," so the full URL would be http://mywebsite.com.au/Portals/0/Pages/Customisation/myFile.pdf. If you have multiple sites/portals within the DNN installation, that you'll need to find the ID, instead of assuming that it's 0.
There's also a small possibility that the home directory has been customized to some other directory name entirely. But you can verify the directory on the Advanced Settings tab of Site Settings, in the Page Management section.
Hi suppose my site as www.xyz.com and i have a folder as _Userfile which have file uploaded by my users and if they download there file the link is www.xyz/_Userfile/userfile.doc now i want to learn this:
if some one has the link to other user file he can download it i want to solve this(privacy)
2: protect my site file from website downloader.
ASAP plz
Also i am using virtual directory to save my user files so i need a way to protect any type of file to be downloaded by any kind of software
You'll have to implement an authentication mechanism, and to serve those files through a server-side application (in PHP, Java or whatever), that checks if the authenticated user has the right to access a resource, then reads the resource from the disk and writes it to the HTTP response. The documents should be placed in a location that is not directly accessible through HTTP.
Just add index.html file in the folder _Userfile... This will prevent others accessing the whole directory listing in _UserFile folder! Simple isn't it?
I've installed a Joomla 1.6 template, and everything is working fine except 1 thing.
I have uploaded some .pdf-files somewhere in the file system and people who visit the site can view or download these pdf-files, but when I click on the link or trying to right-click and "Save as target" I get an error message like this:
Forbidden
You don't have permission to access
/path/filename.pdf on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request. Apache mod_fcgid/2.3.6
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server
at website Port 80
I've logged in as administrator and checked if I found anything that denies access to files with .pdf extension, but all I found was that it seems like a .htaccess-file is being created in the same folder as the .pdf-files just after I'm trying to open them in my browser.
The content of the .htaccess file that is being created is this:
deny from all
I have also tried to edit this files content to "allow from all", and tried to delete it too, but Joomla is just changing it back.
Anyone know why or what that prevents me from viewing or downloading the pdf-files?
If it's a UNIX/Linux server you can FTP in with a client that shows permissions like FileZilla. It's probably the permissions associated with the parent folder cascading down to these files. Try to see if you can upload an image to the images folder and if you can save it the same way you're trying to save the PDFs. If downloading the image to your machine works, I would then look at the permissions settings. If you're not sure which permissions to look for, check out this: http://www.tuxfiles.org/linuxhelp/filepermissions.html
Usually a client can download/view files with permissions of 644 or higher.
Today I moved my website to a new hosting company (Verio). I've done this lots of times before, and I know that your website should go inside the "htdocs" folder.
Now usually when I use FileZilla, I can do a "Right Click" on a filename to get the URL of that file. This is the result of my root default file: ftp://test#test.com/www/htdocs/Research/index.php
However, on the web, the true URL of my default file is: www.test.com/Research/index.php
My index.php file is in the website root folder. Does anyone know why FileZilla would include the server folders "www/htdocs" as part of the URL? These folders should not normally be visible to the user.
OR, is this look correct?
That ftp url is correct. Your FTP account has access to the two folders (www/htdocs/) before the document root, as most hosting providers provide.
You are also correct to assume that http access is limited to the document root. (Meaning they cannot see www/htdocs/)