PIRATEBOX

Security question

Posted by meaz 
This forum is currently read only. You can not log in or make any changes. This is a temporary situation.
Now, this forum is in read-only mode. You find details Details hereContinue on /r/PirateBox
Forum List Message List New Topic
meaz
Security question
April 08, 2016 02:04PM
Hi,

I have a question about security. On the piratebox, some foldes (cgi-bon, assets, etc.) are not protected. Especially in the cgi-bin, there are some python scripts. Can't that be a problem?

Thanks!

meaz
Reply Quote
Matthias
Re: Security question
April 11, 2016 03:31PM
Hi,
you are talking about the directory listing, which is not disabled per default?

I won't say "no problem", but I can't imagine an attack window right now.

I'm open up to any improvement.

best regards
Matthias
Reply Quote
meaz
Re: Security question
April 11, 2016 04:24PM
Hi Matthias,

what I meant is that you can go with the browser to those folders. For example, one could type : 192.168.1.1/cgi-bin and see the files in it.

But as I said, I don't know anything about security. So if you say it's ok, that's fine with me!

Thanks

meaz
Reply Quote
TheExpertNoob
Re: Security question
April 13, 2016 08:54PM
.htaccess file?

PirateBox Installs:
2x Zsun's (both testing, one with serial interface)
A5-V11 (mostly for OpenWRT testing DIY)
2x RPi Zero's
(one active in car 24/7, gets a lot of hits at Walmart, movie theaters and the mall)
2x RPi3's (both home servers, one Ubuntu custom install along side a ton of other services)
1x RPi2 (currently work server)
Reply Quote
Matthias
Re: Security question
April 14, 2016 07:49PM
nope, not possible on lighttpd.

We may reduce the file-listing to certain foders, if possible..
Reply Quote
meaz
Re: Security question
April 15, 2016 02:24PM
I found that though:

I'll give a try...

Thx
Reply Quote
Newer Topic Older Topic