.htaccess file for read only access

[steven]

I am running this website, and i'd like to configure my .htaccess file so that whoever tried to hack into my website has only read-only (no write) access to particular folders or directories. How can I accomplish that?

[atari]

I can't really remember any parameter that you could include in your .htaccess to tell the server to treat a folder as read-only. You probably have to do that on the OS level.

[mod]

I am running this website, and i'd like to configure my .htaccess file so that whoever tried to hack into my website has only read-only (no write) access to particular folders or directories. How can I accomplish that?

It is a very good idea to set read-only access to certain folders and files. Although you can't do this in your .htaccess, you can do it at the OS level.

It's especially important that you set permissions on your configuration files and files that include connection settings as read-only.

For Unix/Linux systems use the default .htaccess as supplied and then set the directory permisisons to 755 and file permissions to 644, or in some cases 444.

If you cannot do this with your FTP software, try using the File Manager supplied with your webhosting account.

For Windows server systems, simply set the file as "Read-Only" for "Everyone" and especially the IUSR_xxxxx (Internet Guest Account) user if running IIS, or the "System" account or "apache user" if running Apache.

[steven]

Thanks for your advice. What is chmod and how do I use it?

[mismas]

I am running this website, and i'd like to configure my .htaccess file so that whoever tried to hack into my website has only read-only (no write) access to particular folders or directories. How can I accomplish that?

Yeah, setting your folders and files to read-only is a very good practice. Usually, during initial installation, you are advised to set for example your images folder to read/write, so that you can use the Admin interface to upload images without having to use FTP for each one. Similar recommendations are made to other files for various reasons.

However, leaving the images (or ANY other) folder in read/write mode means that hackers "might" be able to put malicious files in this (or other) folder and thus create access points from which to attempt nasty exploits.

Thus, once your site is built and your images have been created/loaded, you should drop the security down from read/write to read. ie: change from CHMOD 777 down to 644. On Linux/Unix hosts, generally, permission-setting recommendations for basic security are: - folders/directories: 755 - files: 644

[mod]

Thanks for your advice. What is chmod and how do I use it?

CHMOD is a command to alter security permissions in Unix/Linux. The syntax is

chmod XXX file/folder

The first X is user permissions, second X is group rights, the third one is permissions of others.

Every X can have value from 0 to 7.

0 = no access
1 = execute
2 = write
4 = read

Add the numbers up to come to your desired permissions level.
 
Example: I want to change permissions to file.txt, so that I:

have all permissions (1 + 2 + 4 = 7)
group can read and write (4 + 2 = 6)
others nothing (0 = 0)

The command will look like chmod 760 file.txt

You can do this for your website folders and files.

[atari]

By the way,

Options -Indexes

is used to not show directory listings for URLs which map to a directory. Another level of security..

Cheers!