1
A small suggestion for developers, theme designers and end users alike...
In every directory where there is *not* an index.php file, upload a file named index.html with the following line in it.
<script>history.go(-1);script>
After MyWebResource was hacked, I discovered that cPanel had this nice little feature to manage Apache indexes. The problem is, by default, this feature is set to fancy indexing. This basically means that if you do not have a index.* in every folder, Apache will generate one for you, thus allowing anyone in the world to browse the folder structure of your site. NOT GOOD!
I am in the process of uploading the index.html file I mentioned above into every folder that does not have a index.php, on every site, for every client. As you can imaging, this is a very time consuming process. While doing so, I've noticed that A LOT of modules do not have this file included. Even some parts of the core do not have this file.
My suggestion/request is that all developers, theme designers and end users alike include this file in your directories.
I may just be p@r@n01d, but hey, If you're not p@r@n01d, your're not paying attention.
/2 cents
Best Regards,
JMorris
Insanity can be defined as "doing the same thing over and over and expecting different results."
Stupidity is not a crime. Therefore, you are free to go.