Comments on: Securing FCKEditor http://blog.thefrontiergroup.com.au/2009/04/securing-fckeditor/ Your peek inside the collective mind of The Frontier Group Tue, 08 May 2012 03:28:54 +0000 hourly 1 http://wordpress.org/?v=3.1.2 By: Johnny http://blog.thefrontiergroup.com.au/2009/04/securing-fckeditor/comment-page-1/#comment-830 Johnny Fri, 05 Mar 2010 09:59:09 +0000 http://thefrontiergroup.com.au/blog/?p=364#comment-830 Just the other day we found out a "hacker" exploited a plugin, ImageManager, in one of our FCKeditor powered sites. They found direct access to upload files through a Google search! You tips are excellent and essential to securing the FCKeditor. I'll add one more which helps the fact that you can browse these files due to a lack of index pages throughout the editor files. Create an htacess file in your "fckeditor" folder and put the following line in it: IndexIgnore * That way, you'll get a 403 Forbidden error for anyone snooping around. Cheers! Johnny Just the other day we found out a “hacker” exploited a plugin, ImageManager, in one of our FCKeditor powered sites. They found direct access to upload files through a Google search!

You tips are excellent and essential to securing the FCKeditor. I’ll add one more which helps the fact that you can browse these files due to a lack of index pages throughout the editor files.

Create an htacess file in your “fckeditor” folder and put the following line in it:

IndexIgnore *

That way, you’ll get a 403 Forbidden error for anyone snooping around.

Cheers!

Johnny

]]> By: Matías http://blog.thefrontiergroup.com.au/2009/04/securing-fckeditor/comment-page-1/#comment-303 Matías Sun, 02 Aug 2009 05:48:10 +0000 http://thefrontiergroup.com.au/blog/?p=364#comment-303 Good Tips! Good Tips!

]]>