[英]Website backup.zip File on Hosting Server is safe from hacker or Robot?
Many people Make their website backup.zip on their hosting server, 很多人在托管服务器上制作网站backup.zip,
A zip file are place on same directory where Index.php exists. 一个zip文件位于存在Index.php的同一目录中。
So if i use this link my backup will download http://www.example.com/backup.zip
因此,如果我使用此链接,我的备份将下载
http://www.example.com/backup.zip
If I don't share my backup filename/link, is it safe from hackers or robots? 如果我不共享备份文件名/链接,那么它对黑客或机器人安全吗?
Is there any function that give my all files and directory name? 有没有提供我所有文件和目录名称的功能?
How to secure backup.zip file on hosting server? 如何保护托管服务器上的backup.zip文件?
I post this question here because I think Developers know best about Hacking / robots attack / get directory / get files from another server
我在此发布此问题,因为我认为开发人员最了解黑客/机器人攻击/从其他服务器获取目录/获取文件
There is many way to protect your files from the eyes of internet. 有很多方法可以保护文件免受Internet的影响。
The simplest one is to have a index.html, index.html, or index.php file, into the directory who contain your backup.zip, but the file still can be acceded if someone guess his name and call it from his URL like this: www.example.com/backup.zip 最简单的方法是将一个index.html,index.html或index.php文件放入包含您的backup.zip的目录中,但是如果有人猜出他的名字并从他的URL调用它,仍然可以添加该文件网址:www.example.com/backup.zip
To avoid this issue: most of the webservers provide a way to protect your file. 为避免此问题:大多数Web服务器都提供了一种保护文件的方法。 If we assume you are under Apache2 you must create a rule into a .htaccess file (who is located into the same directory of your file) to prevent people from accessing your backup.zip.
如果我们假设您使用的是Apache2,则必须在.htaccess文件(该文件位于文件的同一目录)中创建规则,以防止他人访问您的backup.zip。
eg: 例如:
<Files backup.zip>
Order allow,deny
Deny from all
</Files>
if you are not under Apache2, you could find the answer by checking the documentation of your HTTP server. 如果您不在Apache2之下,则可以通过查看HTTP服务器的文档来找到答案。
Your file is not safe as it is, as /backup.zip
is the most obvious path that hackers can guess. 您的文件本身并不安全,因为
/backup.zip
是黑客可以猜测的最明显的路径。
So to protect the zip file from unauthorised access, move it to the separate folder and create .htaccess
with the following content: 因此,为了保护zip文件免遭未经授权的访问,请将其移动到单独的文件夹中,并使用以下内容创建
.htaccess
:
Deny from all
# Turn off all options we don't need.
Options None
Options +FollowSymLinks
To make this work, your Apache needs to use mod_rewrite with option AllowOverride All
for that folder to allow the .htaccess
file to be run (which usually it is configured by default). 要使此工作正常进行,您的Apache需要对该文件夹使用mod_rewrite及其选项
AllowOverride All
,以允许运行.htaccess
文件(通常默认情况下对其进行配置)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.