[Typo3] security: close your directories
stefano cecere
scecere at krur.com
Fri Sep 30 21:14:57 CEST 2005
if you use apache, put in the root .htaccess these lines
DirectoryIndex /your_custom_error_page.html
Options -Indexes
(you can see an example of the result of the custom DirectoryIndex here:
http://www.ilfannullone.it/typo3temp/
it depends on the servers settings.. not all by default have Indexes off
(if it's on, it shows the listing of a directory, if a index.html is
not found)
stefano
Francesco di Francia wrote:
> stefano cecere ha scritto:
>
>> after having been hacked in one of my typo3 sites (they got in and
>> changed some cached files), i'm giving more than an eyes on security..
>>
>> i discovered that my (but also some of other websites) typo3temp and
>> fileadmin were not "closed" by "Options -Index" or other..
>>
>> i think the security team could do a little vademecum about the points
>> to secure a typo3 sites as much as possible.
>>
>> hug
>> stefano
>
>
> Hi,
>
> can you explain better what you mean with "closed by Option - Index or
> other" ?
>
> Ciao
>
More information about the TYPO3-english
mailing list