News:

The anti-spam plugins have stopped being effective. Registration is back to requiring approval. After registering, you must ALSO email me with your username, so that I can manually approve your account.

Main Menu

my URL links to php info + no ftp access

Started by Adelaide, October 14, 2009, 03:39:16 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Adelaide

Hey there, this is kahvie's boyfriend of adelaide.xepher, wondering whether we really need a special ftp program to access the ftp site, versus just typing the ftp url into a windows explorer address bar and treating it like a folder.  I've never had to use a program before, just have always been able to treat a website like any other folder, so this is a bit confusing.  I get the following error when attempting ftp access through explorer:
Windows cannot access this folder.  Make sure you typed the file name correctly and that you have permission to access the folder.
Details:
The connection with the server was reset.

This happens before the login screen ought to appear.  

Will the ftp program you recommend in your FAQ solve this issue or is it something that might require your attention?  Just fyi, when navigating to the subdomain with http like a visitor would, a 10 page document of php and assorted server information is displayed instead.  This information could feasibly educate a potential attacker on many points of interest about your server including addresses and states of variables.  Edit: this has now been replaced with a temporary site index.

Thanks for your attention to this and for the wonderful opportunity you've given Kahvie to share her artwork with the masses!!!
Painted Adelaide | LiveJournal | Fur Affinity

En lögn för mej, en lögn för oss som väntar
på svaret som ni aldrig kommer få

griever

On the Help/FAQ page, it's recommended that you use WinSCP if you have Windows.  (I have a Mac and use Cyberduck.)  You'll want to set up the connection using SCP, not SFTP or FTP.  I think it's a security thing.
"You can get all A's and still flunk life." (Walker Percy)

Adelaide

Thanks a lot for that response.  I'm funny about downloading software when an alternative method will work, but I got the portable version of winSCP, which worked just fine.  Thanks for clearing that up! 
Painted Adelaide | LiveJournal | Fur Affinity

En lögn för mej, en lögn för oss som väntar
på svaret som ni aldrig kommer få

Xepher

Yeah, FTP is an old protocol that isn't secured/encrypted in anyway. As such, xepher.net doesn't support it, and only accepts SCP/SFTP connections. Many modern file transfer programs handle this just fine, including FileZilla, winSCP, etc. Macs have built-in support for scp, and linux has been using it as the default for years.

The page you're seeing is the PHP info page. I've set that as a default page, and yes, it does reveal a lot of server info, but it also verifies that PHP is working, and a lot of the info there can be useful for the website developer, including program and document root paths, installed php extensions, etc. I've never believed in security-through-obscurity, and so it doesn't worry me to reveal the info there. The other thing it does is provide a default page that prevents a directory listing from being shown, and is an obvious file that new users can see as an example of where/what to replace with their own default page.