Warning – Your /comics/ directory might not be secure.
It has come to my attention from a couple of Twitter advisors, @Dr_Mike and @stealthiscomic, that quite a few WordPress/ComicPress users still have their comics directory open for everyone to view. This isn’t secure: if you upload comics in advance for pre-publishing, visitors can browse the directory and read ahead of your archives. It also opens up the possibility of people pilfering the entire archive without viewing the ads on your pages.
To secure the /comics/, /comics-rss/ and /comics-archive/ directories, the *easiest* method is to just throw an index.php file inside each of those directories with this content:
<?php header('Location: /'); ?>
That makes any request for the directory itself redirect straight to the root directory.
However, if you want to be fancy about it, you can create a .htaccess file for that directory following the guidelines at http://wiki.dreamhost.com/KB_/_Unix_/_.htaccess_files#Disable_Directory_Listings; it might be worth investing some time in learning how to do that.
Disable Directory Listings
Occasionally, you may not have a default index document in a directory. If a default document is not found, whenever a visitor types in the directory name in their browser, a full listing of all the files in that directory will be displayed. This could be a security risk for your site. To prevent this without having to add a default index document to every folder, you can enter the following line in your .htaccess file to disable a directory’s contents from being shown:
Options -Indexes
However, here’s an even more advanced method that secures your directory AND does not allow *ANYONE* to hotlink to your images. This way no one can use your bandwidth by showing your images somewhere other than on your own page; an image saying “You cannot hotlink to this image.” is put in their place. Create a .htaccess file with these contents in the directory you want to secure from hotlinking:
Options -Indexes
RewriteEngine on
# Let requests with no Referer header through
RewriteCond %{HTTP_REFERER} !^$
# Let requests referred from your own pages through (http or https)
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.tld/ [NC]
# Do not rewrite the replacement image itself
RewriteCond %{REQUEST_URI} !^/path_to/nohotlinking\.jpg [NC]
# Everything else asking for a .gif or .jpg gets the replacement image
RewriteRule \.(gif|jpg)$ http://www.domain.tld/path_to/nohotlinking.jpg [R,L]
Change domain.tld to your webcomic’s domain and extension, like pcweenies.com.
Change www.domain.tld/path_to/nohotlinking.jpg to the path to an image on your site saying not to hotlink the images.
However, I suggest the easy method because, really .. that’s all you need to do.
– Phil
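To confirm that the fix took effect on your own site, the check below classifies what each of the three directories returns: a listing, the index.php redirect, or the 403 that Options -Indexes produces. It is an added example, not code from the original post; the function names and the sample responses are constructed for illustration, and the listing test assumes Apache's default "Index of /" page title.

```python
import re
import urllib.error
import urllib.request

# Directories named in the post.
COMIC_DIRS = ["/comics/", "/comics-rss/", "/comics-archive/"]

# Assumption: Apache's auto-generated listing pages are titled "Index of /<dir>".
LISTING_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)


def classify(status, body):
    """Map one HTTP response to 'listing', 'redirect', 'forbidden' or 'other'."""
    if status == 200 and LISTING_RE.search(body):
        return "listing"      # directory contents are visible
    if status in (301, 302, 303, 307, 308):
        return "redirect"     # e.g. the index.php redirect to /
    if status == 403:
        return "forbidden"    # e.g. Options -Indexes with no index file
    return "other"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so a 3xx status stays visible."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url, path, timeout=10):
    """Fetch one directory URL from your own site and classify the response."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(base_url.rstrip("/") + path, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return classify(resp.status, body)
    except urllib.error.HTTPError as err:
        return classify(err.code, "")


def exposed(responses):
    """Given {path: (status, body)}, return the paths that still show a listing."""
    return [p for p, (s, b) in responses.items() if classify(s, b) == "listing"]


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "/comics/": (200, "<html><head><title>Index of /comics</title></head></html>"),
    "/comics-rss/": (302, ""),
    "/comics-archive/": (403, "<h1>Forbidden</h1>"),
}

if __name__ == "__main__":
    print(exposed(SAMPLES))
```

Against a live site, call probe() with your own base URL for each entry in COMIC_DIRS. Both fixes only hide the listing: a file requested by its exact name is still served.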
Thank you for the heads up on this, Phil! I checked and sure enough..mine was exposed. *blush*
Wow. Thanks for the tip. Even for a complete neophyte like me (seriously, I have no clue what I’m doing when it comes to computer stuff), I was able to implement your easy suggestion above. Thanks!
Has this been done for the basic accounts which have no FTP access? If not, how would we fix this?
That easy method worked like a charm! I also used it in the /images/ folder I made.
Just did the easy way. Now it gives a nice “Forbidden” message when trying to view the folders. Awesome!
You should go the htaccess route if possible.