Are You Unknowingly Leaving Your Website Vulnerable?
Today, I want to talk a little bit about a basic security flaw that
can be disastrous for your website and your online business.
Did you know that you could be unknowingly giving people direct
access to all of the files inside your directory folders on your
website?
This is one of the most common mistakes that webmasters make
experienced an inexperienced alike. The good news is, it is actually
the easiest to fix.
To stop this from happening all you have to do is make sure that
each directory on your site contains an index file. By default, web
browsers, when directed to a directory look first of all for a file
named index.
If the browser does not encounter the index file, it will display the
entire directory in the form of a clickable navigation list, disclosing
all its contents for the world to see.
Try this little test.
Create a folder on your website and add some random files to it,
but don’t include an index file. Now type in the URL to the folder
that you just created. it should look something like this;
http://www.yoursite.com/random-folder. What you’ll see is a list of
everything that you added to the folder. Now go back in and add
an index file, and you’ll notice the difference.
As you can see without the index file in place you are leaving your
precious and often restricted content wide open for the world to
see and even take whenever they feel like it.
Now let’s go over a few other basic security measures that you
should put in place to ensure the safety of the files on your
website.
As we discussed it is important to make sure that each directory
of your website contains an index file by renaming the default
page you want to be shown to index. It doesn’t matter what file
extension you use, whether it be html, htm, php, etc. It will work
as long as the file is named index.
If you don’t want to display any type of content from inside the
folder, say for instance in your image folder, then simply create
an empty index file. That way when your visitors arrive at the
directory, a blank page will be shown, but you will no longer be
displaying a directory listing. Another good tip is to provide a
message and a clickable link on that page to take your visitors
to another page on your website.
Another way that you can protect your folders and send your
visitors exactly where you want them to go is to create an index file
that contains a redirect code, so that your visitors will not even
notice that they ended up in the wrong place. There are several
ways that you can do this. The most common is a little snippet
of code that you place directly into your HTML. To find one that
works for you just do a quick search in your favorite search engine
for ‘redirect code’ and you will find several options Including
Javascript.
Keeping your website directory folders secure is especially
important if you have downloadable content that people are
supposed to pay for inside them, so it is a good idea not keep
your them in the same directory as the sales page. A better choice
would be to keep them in a separate, secure directory and set up
your payment processor to forward your customers to that
directory. This way you will be sure that only people who have
paid for the product will have access to it.
Doing business on the Internet doesn’t mean that you or your
website should have to fall victim to predators. If you use simple
techniques to protect your directory folders it should help you
drastically reduce the risk of unauthorized access to your site and
save you unnecessary headaches and losses.
