Help!! Security Issues with web site

Whenever we start our webservices, web visitors can view our folder list. The option is disabled on the server and the web folder is not being shared.
Any ideas? One of my sites was hacked into.
thanks!!

Without an index.html file, the directory structure is shown by default in Apache.
The easiest thing to do is have an index.html file in every folder. Nothing elaborate, just a simple html page will do.
Hope this helps
-Gregg

Similar Messages

  • Need a topic for Verizon Web Site + Issues with Web site (please forward)

    Suggestion 1:  Add a topic/forum section for Verizon Web site:  If I've missed it, please let me know, but I searched the forums and could not find results for "web site," except irrelevant references.  Since I could not find one, here is. . .
    Suggestion 2:  Fix these Web site problems  (can someone in Verizon forward these to your Web team?  All attempts failed)
    On Contact us page, Customer Service link leads to a 404, not found error
    Fix faulty 'next page' link in Droid Reviews:  When going from page 2 to page 3 of reviews using the 'next' link at the bottom, the reviews change from Droid Reviews to HTC Imagio reviews.  Droid still shows at the top, but the content consistently shows that people are reviewing Imagios.
    User names like IluvImagio and imagiouser
    Features of Imagio are referenced
    Bar at top shows 2000+ reviews and image of Droid; info for review section of page shows 300+ reviews
    http://www.verizonwireless.com/b2c/productReview?action=showAllReviews&phoneId=5069&item=phoneFirst&...
    Suggestion 3:  Fix faulty link for forum registration:  When trying to register for the forum, I clicked on 'Register.' I got an error that my password and username were incorrect.  I thought I'd misclicked, but I could reproduce this.
    Cheers.

    Hello Artemis51,
    My apologies for the late reply on this one.  Great feedback!  I'll definitely add this to the list of registration issues that we're working on. 
    Thank you so much for taking the time post these issues in such detail.
    Regards,
    Kathleen
    Verizon Telecom
    Online Center of Excellence
    Notice: Content posted by Verizon employees is meant to be informational and does not supercede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or Plan.

  • Security issue with web server plug-in with Weblogic server

    Hi,
    I have a setup where I have an Microsoft IIS setup as the front facing web server and have the WLS IIS plug-in installed on it. At the backend, is two WLS11g managed servers in a cluster.
    I have a JAX-WS client running on HPUX hitting the web service via IIS but I observe a very strange thing. When the service request is rather small, it could pass through IIS and the managed servers could pick up the call and reply correctly. However, when I have a bigger request call (larger payload), it will error out, citing "Unsupported Content-Type: text/html Supported ones are: [text/xml]".
    I have also attempt to put in a TCP/IP Monitor between the client and IIS and it appears that regardless if the call gets through, it seems to consistently got hit with a HTTP error 401.2, follow by a 401.1, and then, the WSDL came back. I am pretty sure that the web services are not secured as I could get the WSDL without any authentication on the managed servers direct from my brower (it did pop the authentication window if I attempt to hit the web services via IIS)
    Anyone has any idea what is going on, the issue seems to be so contradicting...
    Thanks in advance.

    When you look at this link http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8feeaa51-c634-4de3-bfdc-e922d195a45e.mspx?mfr=true
    You can check the authentication method that is configured for that node in the metabase.

  • Security issue with Web Services on Oracle SOA suite? (Serious?)

    Hi,
    I have recently installed and set up the SOA 10.1.3 on my local machine.
    I created a simple test web service and deployed - worked ok.
    I then added simple plain text security to the service, and again opened it up for testing using the test service function.
    Initially, it returns with the expected message 'missing soap header security'.
    However if you refresh the page / or test the service again, it is then invoked - seemingly bypassing the security !!!
    Oddly the 3rd attempt then shows the security message again, and it seems to alternate between allowing access to the service and imposing the security?!?!
    Has anyone else experience this ?
    Is it a bug ? (if so, its a pretty nasty one that could quite possibly catch alot of people out !)

    I have now created an independant client in Java to call the WS.
    The security is still bypassed on ever other call?!?!
    I have this over HTTPS also, and was hoping this would provide an adequate means of securing my web services.
    How is everyone else securing web services that are exposed to general consumers? Maybe i should find a new approach !

  • Using latest version of fireFox to access Think Central, pages will not load and they say that this is a security issue with FireFox?

    Teachers in our district are supposed to use www.thinkcentral.com with FireFox.
    Some have no problem accessing the lesson plans.
    Most when they login click on a lesson plan and an icon shows up that says loading but never does.
    If you reboot the computer and login you can open a page once but not a second time and no other lessons will open.
    Think Central support says this is a security issue with Firefox.
    I have updated FireFox, all the Adobe, Reader, Flash, Air and Shockwave. As well as Java.
    I have allowed the pop ups to the think Central web site.
    Any help would be appreciated

    Are there any notification icons on the left end of the address bar? If so, please click them to see whether they related to security issues (such as blocked content - shield icon: [[How does content that isn't secure affect my safety?]]) or a plugin requiring permission (Lego-like icon).
    Does Think Central have any help pages about this issue? Without an account, it is difficult to explore the issue first-hand.

  • Privacy/Security Issue with Adobe Flash 10

    Not sure if anyone has noticed this or not, but there is a
    bizarre (if minor) privacy/security issue with Adobe Flash Player
    10. I came across it while attempting to upload a file to Flickr.
    Previous versions of AFP do not exhibit this problem.
    Specifics: using Firefox 3.x, Vista.
    The problem: When Flickr calls the "open file" dialogue in
    Flash 10 (in order to upload files) via the "Upload Photos and
    Videos" link, at the bottom of the dialogue, to the right of the
    "File Name" box, sits a common UI element that brings up a dropdown
    menu of what appear to be (or at least are supposed to be) recently
    viewed or downloaded or accessed files. Actually I'm not sure how
    Flash 10 compiles or accesses this list of files, but at any rate,
    a list of files come up.
    The problem is that, as far as I can tell, the list of files
    that come up reference a long list of files, some that are very old
    and that no longer exist, and that there is no way that I can find
    to clear the list. This is a minor security/privacy issue, as
    generally there should be a way to prevent a dialogue from
    displaying a long list of past-accessed files by clearing a cache
    somewhere or other -- imagine if it was impossible to clear the
    history of a web browser, for example -- this would be considered a
    pretty significant privacy issue. I have tried everything from
    flushing the browser cache to uninstalling and reinstalling the
    browser to uninstalling and reinstalling Adobe Flash to using the
    Flash Settings Manager to clear out the Flash saved sites to
    turning off Vista indexing to clearing out Vista's Recent Items
    list. None of these actions did anything to clear out this list of
    files. I can find no references to these files anywhere when I use
    Vista Search (with unindexed and system files searched as well),
    and I can find no reference to the files anywhere in the registry
    (I checked just in case Flash 10 was storing this index in some
    really bizarre place.) I've linked to a screenshot below of what
    I'm talking about -- most of the files listed below were deleted a
    long, long time ago, and so I have no idea why this dialogue refers
    to them.
    Screenshot
    Is there a simple work-around for this that I'm unaware of?
    Even if there is, there needs to be some more obvious way to clear
    out this list. Where is this information being stored, and what
    criteria does this list use to "put a file on the list"?

    Thanks for putting me on the right scent. That's what I'd
    originally thought, too -- it's just that the file-> open dialog
    was giving an entirely different list of files with other
    applications, so I assumed that it must be Flash that was the
    culprit. Turns out the reason it was different with Flickr was
    because it was restricting the file results via a long string of
    video and picture filetypes that are compatible with the Flickr
    service.
    It turns out the information I'm looking for is buried deep
    within the registry. The only way to clear out this list of files
    is to delete the following key (or specific subkeys):
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidl MRU
    Seems more than a little stupid to store such information in
    the registry if security is your concern. Vista beguiles me
    sometimes.

  • Security issues with connecting pdf to database

    I have a pdf form that is being called from a webform as part
    of a web application. The PDF has two dropdown lists that I was
    populating from a SQL Server Database. I had created a special user
    that had select access only to the tables for the dropdowns.
    My question is are there any known security issues with
    regard to allowing a pdf to connect to a database this way. The PDF
    is being called from a secure connection but I don't know if
    opening this database connection to populate these dropdowns
    exposes a security hole of any sort. If it does, do you have a
    solution to make this secure? I am asking because another developer
    on the project brought up the issue of this design creating a
    security risk and I haven't been able to find anything online
    discussing it either way.
    Thanks!
    Maureen

    Hello Maureen,
    Thanks for posting, but I'm not sure I see if your question
    relates to Acrobat.com
    Are you using any of the Acrobat.com Services as any part of
    your workflow?
    Thanks!
    Pete

  • I am having issues with a site for work. it loads all the links on the left side of the screen. is there a way to fix this or get an older version of fire fox?

    Its my office intraweb and I was told its not compatible with this upgrade

    You can try basic steps like these in case of issues with web pages:
    Reload web page(s) and bypass the cache to refresh possibly outdated or corrupted files.
    *Hold down the Shift key and left-click the Reload button
    *Press "Ctrl + F5" or press "Ctrl + Shift + R" (Windows,Linux)
    *Press "Command + Shift + R" (Mac)
    Clear the cache and the cookies from websites that cause problems.
    "Clear the Cache":
    *Firefox/Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
    "Remove Cookies" from sites causing problems:
    *Firefox/Tools > Options > Privacy > Cookies: "Show Cookies"
    Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Firefox/Tools > Add-ons > Appearance).
    *Do NOT click the Reset button on the Safe Mode start window.
    *https://support.mozilla.org/kb/Safe+Mode
    *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

  • Security issue with unlocking my iPhone 4?

    I'm not sure if anyone here will be able to help me but I am trying to get my iPhone unlocked with AT&T. I bought my iPhone on contract through AT&T in December 2010. My account is in good standing. I paid my ETF, it's technically eligible to be unlocked. I called AT&T on April 9th for an unlock and it's now April 19th and still no wordd from them. I've called several times and they won't tell me what's going on other than that "there is a security issue with unlocking my iPhone and the issue is with Apple, but they are working on it." From my understanding, all AT&T needs is the unlock code to enter into the system and unlock it from there. I don't know what security issues could possibly exist that would create a problem. The only thing I can think of is that when I orginally bought my iPhone it turned out to be a lemon and had to get it replaced the day after I bought it. I did this through an Apple store since it was around Christmas. The IMEI number on my phone doesn't match the one AT&T has on file, but that shouldn't matter? I gave them the right IMEI number that is on my current phone. Does anyone know what "security issues" can exist when it comes to unlocking an iPhone 4?

    Don't stress over the words used by the customer service people at AT&T. Half of them don't know what they're talking about more than half the time.  You are probably correct in that it has something to do with their database being inaccurate. 
    Give it a few days, then contact them again and ask for it to be escalated.
    Ignor rNair. The idea that Apple made it mandatory for AT&T to do anything is complete and total bunk. (S)He has no idea what (s)he's talking about

  • Is there a way to  have the iPad 2 "read" text from iBooks as with web sites or pages?

    is there a way to  have the iPad 2 "read" text from iBooks as with web sites or pages? A different App perhaps?

    Isn't that you asking how to get it (undefined) back?
    If you never had Pages '09, you can buy it from Amazon very cheaply:
    http://www.freeforum101.com/iworktipsntrick/viewtopic.php?t=432&sid=f68e84cd2ec6 123bd2ed93806c7e7fb6&mforum=iworktipsntrick
    Peter

  • Severe Security Issue with Sharing Permissions and Windows

    I recently discovered a severe Security issue with the windows sharing an permission settings:
    I have two users, an admin user and a parental controlled user. On my mac mini, i have a external harddrive connected. On the harddrive, i have three folders, Itunes, Iphoto (Package) and a Temp Folder. I want to share the Harddrive RW for the admin, but only R for the parental user. But the Temp folder should be accessible for RW for the parental as well.
    1. I set the Drive checkbox "ignore ownership" off.
    2. I set the permissions of the drive to admin RW, parental R and Everyone to "no access"
    3. I apply to enclosed Items
    4. I set the permission of the Temp folder to admin RW, parental RW and Everyone to "no access"
    5. I apply to enclosed Items
    6. I go to "File Sharing" in the Preferences and activate SMB sharing for both users
    7. I delete all previous shares
    8. I add the Disk and use the proposed permissions which are admin RW, parental R, Everyone "no access"
    9. I add the Temp folder and use the proposed permissions which are admin RW, parental RW, Everyone "no access" - Funny, there is a new Group called "Temp" created which has custom access on both sharepoints
    10. I connect to the mac over a Windows machine (NTLM auth set appropriatly). Now I try to create a folder on the root of the Disk share, I get a denied message.
    BUT WHEN I GO INTO A SUBFOLDER (eg. ITUNES or IPHOTO), WHICH HAS ALSO JUST "R" PERMISSION FOR THE PARENTAL USER, I AM ABLE TO RW, DELETE AND DO EVERYTHING!!!
    TO RECAPITULATE: THE SHARING PERMISSIONS ARE "R", AND THE FILE PERMISSIONS IN THE RESPECTIVE FOLDERS FOR THE RESPECTIVE USER ARE ALSO JUST "R". BUT THE USER CAN DO EVERYTHING IN THE SUBFOLDERS!!!

    I recently discovered a severe Security issue with the windows sharing an permission settings:
    I have two users, an admin user and a parental controlled user. On my mac mini, i have a external harddrive connected. On the harddrive, i have three folders, Itunes, Iphoto (Package) and a Temp Folder. I want to share the Harddrive RW for the admin, but only R for the parental user. But the Temp folder should be accessible for RW for the parental as well.
    1. I set the Drive checkbox "ignore ownership" off.
    2. I set the permissions of the drive to admin RW, parental R and Everyone to "no access"
    3. I apply to enclosed Items
    4. I set the permission of the Temp folder to admin RW, parental RW and Everyone to "no access"
    5. I apply to enclosed Items
    6. I go to "File Sharing" in the Preferences and activate SMB sharing for both users
    7. I delete all previous shares
    8. I add the Disk and use the proposed permissions which are admin RW, parental R, Everyone "no access"
    9. I add the Temp folder and use the proposed permissions which are admin RW, parental RW, Everyone "no access" - Funny, there is a new Group called "Temp" created which has custom access on both sharepoints
    10. I connect to the mac over a Windows machine (NTLM auth set appropriatly). Now I try to create a folder on the root of the Disk share, I get a denied message.
    BUT WHEN I GO INTO A SUBFOLDER (eg. ITUNES or IPHOTO), WHICH HAS ALSO JUST "R" PERMISSION FOR THE PARENTAL USER, I AM ABLE TO RW, DELETE AND DO EVERYTHING!!!
    TO RECAPITULATE: THE SHARING PERMISSIONS ARE "R", AND THE FILE PERMISSIONS IN THE RESPECTIVE FOLDERS FOR THE RESPECTIVE USER ARE ALSO JUST "R". BUT THE USER CAN DO EVERYTHING IN THE SUBFOLDERS!!!

  • Any security issues with My MSN or outlook bookmarks

    any security issues with My Msn and Outlook as bookmarks

    Your question is not quite clear, and no Mac can iOS, but anything and everything made by or for Microsoft carries a security risk.
    Which is why most sensible people run Apple OS X.

  • Security issues with Lion

    Anyone know what the real deal is with OS X Lion security.  I've heard lots of things about how the recent Blackhat conference in Las Vegas said that Apple's security was not as good as Windows 7's.  Anyone know anything about this?  Thanks in advance for any feedback or input.

    JB2909 wrote:
    I've downloaded Java for OS X Lion 2012-001 to fix the security issues with Java but when I open it to install it gives me an error message saying don't open it as it has a disk image issue (?) and may make my computer less secure or cause other issues? I don't understand why it would cause security risks when it is supposed to be a patch to fix them?!  Is it safe to go ahead and open/install?
    Could that be why Apple has released Java for OS X Lion 2012-002 here: http://support.apple.com/kb/DL1515 ?

  • Security Issues with 8.1 Pro

    I have had several security issues with Windows 8.1 Pro.
    I am curious if the following apps should be loaded by default:
    CheckPoint.VPN
    JuniperNetworks.JunosPulseVpn
    SonicWALL.MobileConnect
    F.vpn.client
    These programs are installed on a fresh install of Windows 8.1 Pro but I do not think they should be.  They are present prior to the install of any 3rd party programs or apps.
    Thanks

    I found them in my firewall list on my Windows 8.1 Pro installation and posted a question on a forum as well, though I don't think it was here.  I don't believe anyone ever answered.
    It looks as though these are parts of the bundled virtual private networking clients.
    Note, for example, the "distributed by Microsoft as part of Windows 8.1" wording on this page:
    http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=605
    -Noel
    Detailed how-to in my eBooks:  
    Configure The Windows 7 "To Work" Options
    Configure The Windows 8 "To Work" Options

  • Are there any security issues with Quicktime player on macbook

    Are there any security issues with Quick Time Player on macbook pro? 2010 model running Yosemite recently upgraded. Thanks!

    No.

Maybe you are looking for