Blog

Hosting Headache-Part 1

Changing your host is never fun, but sometimes we are forced to change a hosting provider out of lack of choice. Usually, people switch hosts when faced with extreme circumstances which couldn't be solved in any other way; after all, moving websites from one server to another is a pain in the a**.

Take a look at Myriad Network: it is a good example of an impeccable hosting service turning bad all of a sudden!  

Even just a few weeks ago I used to think that Myriad Network was the best thing to have happened to me; in fact, I used to recommend over Hostgator, where I also have an account. Everything looked good until they decided to sell their servers to a third party. I am not sure why they did this-maybe because they thought they could do better things than offering quality hosting.

Anyways, long story short, I purchased a VPS (Virtual Private Server) at Liquidweb.com and moved my websites before it was too late, since from what I read around the web, EMC telecom, the new owner of Myriad Network, doesn't have a 'nice' reputation in the hosting market.

Some are saying that my website has got a bit faster after the move. Personally I doubt it, since I don't see any major variations in speed; if anything, I have been burdened with a myriad of extra problems at LW ever since I moved there. Now I am again shopping for a new host. :(

Anyways, on certain hosts (such as Hostgator) Apache is configured to show the contents of a directory which doesn’t contain an index file (e.g., index.html, index.shtml or index.php file). On other hosts, if a directory doesn’t contain an index file, the visitor would receive a 403 forbidden page while trying to view the contents of the folder.

As a custom, I upload an index.html file into all my folders. However, it is possible that I may miss out on some of the folders on my servers, and these folders would be like open books to the hackers and thieves! Thieves could easily peek into these folders and steal your files (unless you have password-protected those folders)!

I know of three ways to protect a folder using Apache, so that even if you forget to upload an index file in any folder, others would still be forbidden to read its contents. To give you an idea, here is an example of an 'unprotected' directory which displays all its contents like a restaurant menu:

And here is one protected by Apache:

If your webhost allows you to setup custom error pages (most do), you can even customize the error page like I have done: http://flexiblewriter.com/images/

Basically, all you need to do is to create a normal webpage as you would in say, Dreamweaver™ or FrontPage™, save it as 403.shtml and upload it to your server. You can also setup your custom error page from within Cpanel™, but I use the former option since it offers me greater control over the error pages.  Feel free to use the option you are most comfortable with!

Or if you want, you can even save a blank page as 403.shtml page, in which case people would see a blank index file every time they try to read the contents of an unprotected folder.

Okay, now here are three ways to turn off Directory Indexes on your website:

1. Login to Cpanel, then click on Index Manager:

A popup message would come up. Click on the "Go" button:

You would see a list of directories your site has. If you wish to turn off indexing in selected directories, just click on the directory name and then choose the "No Indexing" option on the next page:

Repeat this process for as all the individual directories for which you want to turn off indexes.

On the other hand, if you want to turn off indexes for all directories by default, you would need to turn off indexes of your public folder, which should be something like: /public_html/ or /www/ (ask your host if you are unsure of the correct path).

2. The second option is for the semi- techies or techies who don’t have root access to their accounts (meaning that they cannot login into FTP or WHM as "root" user). Open your .htaccess file, make a backup copy of it for safety reasons, and then put the following directive at the top of the .htaccess file:

Options All –Indexes

Save and re-upload the .htaccess file!

Note: With some hosts, you might get a 500 server error if you put this directove at the top of the .htaccess file! In that case, just move the directive at the very bottom of the file!

3. The third option is for semi-techies or techies who have root access to their server (meaning that they can login into FTP or WHM as "root" user). This is by far the easiest method I believe, once you get the hang of it.

BEWARE: Any Apache settings you change here would take effect globally on ALL the domains in your WHM! So, if you only want to turn off indexes on selected domains, you should either use method#1 and 2 above.

Login to your WHM, then click on "Apache Configurations" link on the left menu:

Then click on "Global Configurations" link:

Uncheck the checkbox next to "Indexes":

This will turn off directory indexes for all accounts under that WHM! After you save the settings, you would probably be prompted to restart Apache for the new settings to take effect!

As always, your comments are appreciated!