My blog not secure? - Need help

by satrap
3 replies
I just received this email from someone (the email was sent from my contact page on my blog)

Check out Index of /wp-content/uploads
I recommend using Trust Seals from Trust Guard - A Trust Seal will Increase Sales to protect your site
Of course his link to the trustguards site is a covered affiliate link. But, looking at my url, it made me wonder if there is something wrong with my blog, a loophole or something. I just don't understand what the problem is and what the potential danger could be. Should I take this seriously and what can I do about it? I would appreciate any help. Thank you.


Plus the trustguards tool seems to be for those sites that sell things. I don't sell anything, so I don't have any buyers worrying about safe or not safe transactions when they pay. I am totally confused.
  • Janet Sawyer
    Basically, what the poster was trying to tell you is that if anyone goes to your blog and then appends wp-content and /uploads, they can see all the files you have in that directory. (from 2009 onwards)

    What you need to do to make the site more secure is to place a blank index.php file in any folder that doesn't already have an index.php file contained within it.

    You could also place a redirect in the blank index.php so that anyone looking for open folders on your hosting will automatically be sent back to the home page.



    Thanks for this post, it has just reminded me I need to check my blogs for the same problems.
  • digitalquilluk
    Install WordPress firewall plugin; this will stop directory traversal attacks.

    I also stop my uploads dir from serving anything other than file types I specify, i.e. no script files that could be used to hack:

    Add a .htaccess file in the root of your uploads folder with the following:

    Order Allow,Deny
    Deny from all
    <filesMatch "\.(jpeg|jpg|gif|png)$">
    Allow from all
    </filesMatch>
    • satrap
      Originally Posted by Janet Sawyer View Post

      Basically, what the poster was trying to tell you is that if anyone goes to your blog and then appends wp-content and /uploads, they can see all the files you have in that directory. (from 2009 onwards)

      What you need to do to make the site more secure is to place a blank index.php file in any folder that doesn't already have an index.php file contained within it.

      You could also place a redirect in the blank index.php so that anyone looking for open folders on your hosting will automatically be sent back to the home page.

      Thanks for this post, it has just reminded me I need to check my blogs for the same problems.

      Thank you for taking time to help. I really appreciate it. So, I made an index.php file and placed a redirect in it and now it simply goes to the home page. Worked great.

      How do these loopholes happen/get created?
      Is it a plugin messing with things or?...
      And besides checking each folder manually, is there any other way to find any folder that doesn't already have an index.php?...

      Thank you again.



      Originally Posted by digitalquilluk View Post

      Install wordpress firewall plugin this will stop directory traversal attacks

      I also stop my uploads dir from serving anything other than file types i specify i.e. no script files that could be used to hack:
      Thanks for your help as well. I try to keep plugins to a minimum to avoid slowing load time.

      I am really interested in hearing more about the second part.

      add a .htaccess file in the root of your uploads folder with the following:

      Order Allow,Deny
      Deny from all
      <filesMatch "\.(jpeg|jpg|gif|png)$">
      Allow from all
      </filesMatch>
      So, will this only serve for that uploads folder, or would it stop attacks on any other folder as well? (forgive me if it's a stupid question, as I really have no clue when it comes to technical matters like this).

      Thank you in advance.
      Signature
      60 Awesome Ways to Make Money Without a Job
      .................................
      Check out my blog Survey Satrap featuring honest reviews of paid survey sites.
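
On the question above about finding folders without an index.php other than by checking each one by hand, here is an added example that is not from any poster in the thread. It assumes shell access to the hosting account and treats index.php or index.html as the index file; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find folders that have no index file and would therefore
# show an "Index of /..." listing when the server's directory listing is on.

# Print every directory under $1 that holds neither index.php nor index.html.
# Assumes directory names contain no newline characters.
dirs_without_index() {
    find "${1:-.}" -type d | LC_ALL=C sort | while IFS= read -r dir; do
        if [ ! -e "$dir/index.php" ] && [ ! -e "$dir/index.html" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Apply the fix from the thread: put a blank index.php in each such directory.
add_blank_index() {
    dirs_without_index "$1" | while IFS= read -r dir; do
        : > "$dir/index.php"
    done
}

# Build a small constructed WordPress-like tree in a temp dir; print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads/2009/06" "$t/wp-content/plugins"
    : > "$t/wp-content/index.php"
    : > "$t/wp-content/plugins/index.php"
    : > "$t/wp-content/uploads/2009/06/photo.jpg"
    printf '%s\n' "$t"
}

# Demo on the constructed tree (point the functions at a real wp-content instead).
tree=$(make_sample_tree)
echo "Folders without an index file:"
dirs_without_index "$tree/wp-content"
add_blank_index "$tree/wp-content"
echo "Still missing after the fix: $(dirs_without_index "$tree/wp-content" | wc -l)"
rm -rf "$tree"
```

On Apache, a single `Options -Indexes` line in the site's root .htaccess turns directory listings off for every folder at once, provided the host allows that override.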