FTP Setup

[wysard]

I've know this for a while and wondered but never asked. When you set up an FTP site with the idea to make file transfers of any kind and make it secure the password should do the trick. All sites I've set up work perfectly with CuteFTP (and other FTP clients I'm sure) and of course the password is required. So I make an FTP directory for wysard on thedomain.com and the directory is now thedomain.com/wysard (at least to the web).

If I now go to http://thedomain.com/wysard I get a nice listing of all the files and can download any one of them. So much for FTP and passwords. This can be fixed with an index file in the wysard directory, but for a novice this "feature" might not be known.

Since this feature has probably been around forever, why doesn't cPanel put an index file there or at least post some sort of warning. I know I found out by accident and I also knew to put blank index files (but I did forget once and that was all it took to find out). To me this is somewhat of a bug - but not really?

Just curious.

Cheers

[neb1211]

The best way to handle this is to simply put the FTP directory for that account in root directory of your account, not the public_html folder. I have several accounts setup that way and they cannot be viewed using a web browser.

[Aric]

Anything you post inside your web root directory will be visible to anyone who accesses that directory unless there is an index file OR you turn off directory listing in cPanel (or restrict access to the directory in some other way). Go to index manager in the advanced section and select the directory you want to change. Then select "no indexing" and this way people won't see a file listing in that directory even if you don't have an index file or restrict access in some other way.

Regards,

Aric