Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
#1 2006-04-27 11:30:12
- FireFusion
- Member
- Registered: 2005-05-10
- Posts: 698
File Downloads security
Why is it that when I upload a file to my textpattern sites the download counter later that day will already have hits, when I haven’t even linked to the file on the site or told anyone about it? Sometimes it can be as many as 20 downloads.
How is this happening and how can I stop it?
Thanks for your time.
Offline
Re: File Downloads security
i’d assume you’d find more about this by searching your server logfiles. preferrably in raw format (use texteditor “find” to find appropriate entries. inserting IP numbers into http://whois.sc gets you actual websites/servers behind in case there’s no referrer names mentioned..)
otehr than that: did you find anymore information on this meanhwile?
A hole turned upside down is a dome, when there’s also gravity.
Offline
#3 2006-07-21 04:06:09
- net-carver
- Archived Plugin Author
- Registered: 2006-03-08
- Posts: 1,648
Re: File Downloads security
Perhaps someone is just crafting site/file_download/file_id urls to dig into your site. That will pull files out of TxP even if you have no visible links on your page.
Related: are you running your sites on Apache? If so, it is possible people could also be visiting your site/files directory and taking stuff too. You can get around that in Apache by adding
<pre>Options -Indexes</pre>
to your .htaccess file.
Hope that helps.
— Steve
Offline
Pages: 1