Should anyone really be able to view your skin files?

Hi all,

I have just noticed that anyone can navigate around your skin directories and files if they know what to look for.

For example, if you follow this link to the CS demo site (Instant Demo - CS-Cart Multi-Vendor Demo Try Free for 15 days), you can navigate around all of the files.

Shouldn’t there be .htaccess files in there to stop you doing this, or am I being overcautious?


Most developers would prefer to see the file structure.

Depends on your target market, I believe.

Webmasters and such would prefer seeing it as such.

I have this in my .htaccess file


# block all smarty templates (no reason to have these exposed)
RedirectMatch gone ^/.*\.tpl$

# block all .log (log files), .sql (sql dump/export) and .conf (config files) files
# in case some day these files move to another directory
RedirectMatch gone ^.*\.(sql|log|conf|bak|orig)$


Yeah, don’t really like the idea of someone browsing around the files.

I’m going to use some .htaccess magic I think.

Many thanks

A couple other handy functions for an .htaccess file

Options -Indexes

This will prevent directory listing if there is no index file

php_flag engine off

This should be included in every directory .htaccess file that is world writable and executable (777) if it does NOT contain PHP files.

This will prevent a hacker from using a PHP shell if they were lucky enough to get it in place. Only use this in directories without PHP files.

If you are using cPanel, you can prevent this by using Index Manager.

Click on the Index Manager icon, select the current folder, select "no index" and click save.
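
One way to audit the advice above about world-writable directories, as an added example that is not part of the original thread: it lists directories that are world-writable, hold no .php files, and have no engine-off line in their own .htaccess. The function names and the sample tree are constructed for illustration, and inheritance of .htaccess rules from parent directories is not modelled.

```python
import os
import re
import stat
import tempfile

ENGINE_OFF = re.compile(r"^\s*php_(flag|value)\s+engine\s+off\s*$", re.I | re.M)

def engine_disabled(htaccess_path):
    """True if the file has an uncommented 'php_flag engine off' line."""
    try:
        with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
            return bool(ENGINE_OFF.search(fh.read()))
    except FileNotFoundError:
        return False

def audit_writable_dirs(root):
    """List world-writable dirs with no .php files and no engine-off rule."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        if not os.stat(dirpath).st_mode & stat.S_IWOTH:
            continue  # not world-writable: outside the advice
        if any(f.lower().endswith(".php") for f in filenames):
            continue  # holds PHP files: the rule must not be used here
        if not engine_disabled(os.path.join(dirpath, ".htaccess")):
            findings.append(os.path.relpath(dirpath, root))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (directory names are made up)."""
    layout = {
        "images": (0o777, {}),                                   # unprotected
        "var": (0o755, {}),
        "var/cache": (0o777, {".htaccess": "php_flag engine off\n"}),
        "addons": (0o777, {"init.php": "<?php\n"}),              # has PHP
        "skins": (0o755, {"index.tpl": ""}),                     # not writable
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (mode, files) in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(path)
            for name, body in files.items():
                with open(os.path.join(path, name), "w") as fh:
                    fh.write(body)
            os.chmod(path, mode)
        return audit_writable_dirs(root)

if __name__ == "__main__":
    print(demo())
```

Point `audit_writable_dirs` at your own web root to get the directories that still need the rule.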