Author Topic: See if you can get into  (Read 2645 times)

Offline jwboyd

  • Super Duper Poster
  • ****
  • Posts: 912
    • View Profile
    • http://
See if you can get into
« on: September 30, 2003, 03:04:51 PM »
My son has a web site that I think is pretty cool. He has added a "Friends and Family" link that is password protected, for family photos and such. He has e-mailed the password to friends and family.

Out of curiosity, I'd like for my friends here at TS to try getting into this special link and let me know the results. Thanks!

Here is the URL:

http://www.frii.net/~dboyd/
I'm not a complete idiot -- a few parts are missing!

Offline Bill

  • TS Addict
  • *****
  • Posts: 4615
    • View Profile
See if you can get into
« Reply #1 on: September 30, 2003, 03:21:13 PM »
No can do here. biggrin.gif
Two cans and a string powered by a big mouth

Offline RobW

  • TS Addict
  • *****
  • Posts: 1865
    • View Profile
See if you can get into
« Reply #2 on: September 30, 2003, 03:31:06 PM »
Couldn't get in. Nice work on this site!! notworthy.gif
-Rob
A couple of IMacs, an iPad, a bunch of iPhones...two of which don’t live here, but I still pay for. Oh yeah, wife, daughters, and yes—a grandson!

Offline pendragon

  • TS Addict
  • *****
  • Posts: 7178
    • View Profile
    • http://www.pendragonservices.com
See if you can get into
« Reply #3 on: September 30, 2003, 03:32:59 PM »
IAWB. Nice site, what little I could see of it. doh.gif

Harv
Those who can make you believe absurdities can make you commit atrocities. ~ Voltaire

Offline Russ Kidd

  • Super Poster
  • ***
  • Posts: 112
    • View Profile
See if you can get into
« Reply #4 on: September 30, 2003, 03:36:39 PM »
IE 5.0
OS 9.0.4

Very nice website.

I particular like how the pages load nearly instantly even though I'm on a 56k dial-up.  I've never seen pages load faster.  Much appreciated.   smile.gif

When I clicked on "Family and Friends," I got the dialog asking me to enter user I.D. and password.  I clicked Cancel, figuring I would be taken back to your page, but instead I was taken to a page with the following message:

Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

------------------------------------------------------------------------
Apache/1.3.28 Server at users.frii.com Port 80


Kind of felt like I had done something wrong.    ohmy.gif

I would recommend changing that.

Otherwise, beautiful job.   smile.gif

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
    • View Profile
See if you can get into
« Reply #5 on: September 30, 2003, 05:29:26 PM »
Hi jwboyd,

That page looks good and the private link seems quite secure. When I first saw your request I thought "oh boy some fun..smile.gif" I figured to find a javascript or some other scripted password method. Those are so easily broken. But, he is using the .htpasswd/.htaccess file method that is part of Apache. This is good.

I even looked to see if the access or password files were publicly accessible but they didn't appear to be. The Apache web server seems to be pretty tight except for one thing. Realize that what I'm about to point out is a pretty standard setup, it's just not tight enough for me:

Try these links:
Directory listing 1
and
Directory listing 2

Those links above provide a look into the folders themselves..Not a bad thing if that was the intent, but a surprising thing if that isn't what you expect. Because of this behavior, one has to be fully aware of what is there and where it is. Note there are also a couple of files called ws_ftp.log in some of those deeper directories (folders). That is a text file that kept a record of every file sent to that directory, even if it is no longer there. Since it appears that he is using Front Page now, he probably doesn't use WS_FTP program anymore, but even if he did, there is no reason to leave those log files on the server. (click on them..you'll see..smile.gif )

SO, to fix this, all he has to do is put a blank text file in each and every directory and name it index.html. If he wants, he can put some text on that file like "nothing to see here..go away" or some such. With an index.html file in every directory, the server won't list the files the way it does now. It doesn't look as if any of his protected family photos are in these open directories so that's a good thing..smile.gif

and Russ...that message you got is server defined...only the server admin can change it. It's not meant to be rude, it's just matter-of-fact. If that was my system, I would also disable the "banner" that gives away the Apache version number...but then I'm paranoid..smile.gif
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key  

Offline jwboyd

  • Super Duper Poster
  • ****
  • Posts: 912
    • View Profile
    • http://
See if you can get into
« Reply #6 on: September 30, 2003, 06:47:15 PM »
welcome.gif

All comments are appreciated and duly noted.

Dave and I both will continue to monitor this page for further input.

 thanx.gif
I'm not a complete idiot -- a few parts are missing!

Offline krissel

  • Administrator
  • TS Addict
  • *****
  • Posts: 14735
    • View Profile
See if you can get into
« Reply #7 on: October 01, 2003, 12:25:14 AM »
Outstanding pictures, especially the panoramics.  B)

Two little things:

First, on the page with the China panoramas there is a thumbnail for the waterfront but no direct link in the html to the actual full size pic. I found it by going into the images folder. The others on the page are OK.

THIS ONE

(BTW, are the ghostlike silhouettes of building shapes in the sky in that picture due to the camera, the scanning or the panoramic process?)

Second, I was going nuts for a little while trying to figure out where I had been until I realized your css called for the reddish color as the basic link and the blue as the visited link. That is the opposite of all norms on webpages and may be very confusing or a bit annoying for guests.

Otherwise I enjoyed visiting and spent quite a lot of time taking a visual vacation.

Thank you.   biggrin.gif


A Techsurvivors founder

Offline jwboyd

  • Super Duper Poster
  • ****
  • Posts: 912
    • View Profile
    • http://
See if you can get into
« Reply #8 on: October 02, 2003, 10:33:48 AM »
Here is Dave's message to everyone at TS:
    Be sure to thank everyone on Tech Survivors for their assistance and
kind comments.

This is his message to Diana:
     That Diana is really sharp!   Luckily, I found some really
good documentation on the web on how to use .htaccess files, and knew most
of the right things to do.  I'll work on implementing Diana's suggestions.
I've removed all of the ws_ftp.log files.  I am using Front Page, but also
use Ws_ftp, as I haven't been able to get the "Publish" function of Front
Page to work with my ISP.

And this is for Krissel:
    I've also fixed the link to the Shanghai waterfront picture.  I'm not
sure what "ghostlike silhouettes" krissel was referring to, but that picture
does have some vertical banding that is caused by the camera.  It only shows
up in some photos, and I haven't tracked down the cause yet.  I liked that
picture enough to go ahead and post it even with the banding. BTW, the
color choices for visited and unvisited links are chosen by Front Page based
on the "theme" that the user picks.  If I ever do a significant revamp of
the site, I'll try to take that into account.

Many thanks to everyone!
jwboyd
I'm not a complete idiot -- a few parts are missing!