Digital goods not protected

Hi all,

I realized when I upload a digital product that it will come in the default upload directory.
Like: http://ellad2.com/wp-content/uploads/2012/07

This directory is a public one. So when you
put that in a browser everybody can see it and download it for free.

Now I put everything with ftp in other directory where it is not accessible.

Is it possible when you upload a digital product to put it directly to that place, instead upload it with ftp and then put the address of the link in the product form?

Ella

  • aecnu

    Greetings Ella,

    Thank you for this great question and a significant item to bring up.

    The truth of the matter is that your host has left your directory structure unsecured and therefore allowing browsing of the directories.

    In addition, I can go through a pretty good part of your directory structure without any problem, I just did.

    So lets puts a stop to this asap. Add to your htaccess file the following code right up at the top of the file:

    Options All -Indexes

    Now if they try to browse the directory without knowing the exact URL they will get an error message.

    Market Press does in fact cloak the download link from purchasing customers, however the hosts blatant security flaw allows people to cruise the folders unhindered.

    Thank you for being a WPMU Dev Community Member!

    Cheers, Joe

  • aecnu

    Greetings Ella,

    Thank you for letting me know we now have your directories protected and my solution working as expected, it is greatly appreciated.

    This issue is actually a server security issue in which in most cases the host is responsible for this action and can apply even if you are not using Market Press or downloadable files, every web site on this particular host will be open to directory browsing and therefore hacking regardless of the types of files.

    The hackers can see your entire directory structure and cause great grief to include c99 insertion and more.

    Happy to know we got this resolved.

    Thank you for being a WPMU Dev Community Member!

    Cheers, Joe

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.