I just bought a new domain and now I want to upload files there.
I am trying to use FileZilla and it asks me for Host, Username, Password and Port.
Now in Username and Password I have tried typing the same things I typed in GoDaddy.com, but now I do not know what to type in Host and Port.
By the way, are there any other easier and free ways to upload files to my website?
Have you bought a domain or some kind of hosting service?
A domain is only a name, you cannot host files there.
FileZilla should be very easy to use once set up, so that's not going to be your issue.
I am just about to go live with a website and am addressing security issues. The site has been public for some time but not linked to the search engines.
I log all incoming requests and today noticed this one:
GET /home/XXXXX/code/repositories/YYYYY-website/templates
where XXXXX is a sudo user on my server and YYYYY is my company name.
This is actually the structure of my Django project code.
My website is coded using Django and runs under Apache2 on Ubuntu.
My question is how can this guy possibly know the underlying code/directory structure on my server, in order to create this request?
Their IP is: 66.249.65.221.
They come up as 100% a hacker on https://ip-46.com
Any contributions welcome.
EDIT1 25/11/2019
With some helpful input from Loïc, I have done some investigation.
The Ubuntu 18.04 server is locked down as far as logging in goes - you can only get in with one of my private keys. The PostgreSQL is locked down - it will only accept connections from one IP where my dev machines reside. RabbitMQ is locked down - it won't accept ANY external incoming connections. The robots.txt allows all crawling but the robots meta restricts access to about 12 pages only.
Somebody who knows Django would know how to form this directory path if they knew the Django project directory, but they also have this relative to root on the server. The only place where this is available is in the Apache2 config file. Obviously Apache needs to know where to pick up the Django web server.
I am 99% sure that this 'hacker' got this via some sort of command to Apache. Everything is redirected to port 443 https. The above GET request doesn't actually do anything because the url doesn't exist.
So to make the question more refined. How can a hacker pull my Django absolute project path from my Apache2 config file?
There are a lot of different ways to learn about the directory structure of a given server.
The easiest usually being error logs:
If in your Django settings, DEBUG is set to True, it is very easy for an attacker to get the directory structure of your project.
Then there is LFI, a security issue allowing an attacker to read local files. It's then possible to read some logs, or the Apache configuration, to learn what your project directory is...
The problem could come from another service running on your server as well...
One cannot really give you a complete answer on this topic, as there are a lot of different ways this could happen.
Right now I am storing the uploaded images in a local path, so I want to create one FTP server where I can store all my images so that others who are accessing my API can access the uploaded images also.
I am not understanding where to start and how to create an FTP server.
My model:
from django.db import models

class Resized_image(models.Model):
    # width_field/height_field must name integer fields defined on this model
    image = models.ImageField(
        # Django expands the strftime codes when each file is saved; calling
        # datetime.now() here would freeze the date at import time
        upload_to="photos/%Y/%m/%d",
        width_field='width',
        height_field='height',
    )
Here I am specifying the local path to store uploaded images.
I want to create an FTP server with an uploads/ folder so that whatever images I have uploaded using any server will be stored inside that uploads/ folder on the FTP server.
I think you are confusing the need for storing files, and FTP Service.
From what you have mentioned you have a Django app, which you want to store images.
If you can upgrade/add storage to the server that you are currently using, you do not need an FTP Server.
If you can not add storage to the server where the FTP Server is running, then consider other network based storage. Cloud, AWS....
If you still can not find any storage - then reluctantly (and I mean really reluctantly) consider ftp.
Why?
It is a security nightmare.
It will create more problems than it solves.
You should create users and passwords.
People will forget these, and you will spend your life resetting them.
All connections are easy to hack (un-encrypted communication channel to pass credentials).
For FTP - on Windows, it is built in to IIS. For Linux, you will need to add an FTP Server.
I installed WAMP Developer Pro recently and I have solved everything that it needed, but the main and most important problem remains: I am unable to put my website online. I have made a URL from WAMP Developer and I have put all my website files in it. It is working fine for me: when I type www.radharamnji.com it comes up, but others cannot see it. So please tell me how I can make it online so everyone can see it.
Here is a pic of WAMP Developer.
If you have a website and domain, you have to upload all of your files to the host's public_html folder.
If you want to change your computer to a server, you have to buy a valid IP and set DNS settings and ...
If you upload your files to the Internet, you have to change your addresses to relative ones.
For example, change the address of a picture from (http://localhost/img/img1.jpg) to (img/img1.jpg).
The WAMP you are using has a guide for this located on its site's /howto section: "Enabling Online and Internet Access of Websites...".
Chances are:
Your Windows Firewall (and also anti-virus s/w such as McAfee) are blocking incoming port 80 and 443 TCP connections, and the httpd.exe process.
Your Router does not have any port-forwarding set up for WAN:80 to LAN:80.
I've got a little Django site in which users can link to images on other sites in their comments. It's by no means a core feature.
I've just moved the entire site to SSL. That has worked fine for the most part but remote images are obviously not always going to be available over SSL. Only the slightest number of domains have valid certificates.
What's the best way to funnel images through then?
Download them when the user posts and alter the URL to a local one?
Make a proxy that just proxies another URL?
The second seems like less work (I feel like it would be possible just with NGINX rules) but that it would also open the site up to people using my proxy for their own nefarious gain... Which I'd like to avoid.
What's the best compromise here?
Github ran into this same issue when they moved to HTTPS everywhere and detailed it in their blog: https://github.com/blog/743-sidejack-prevention-phase-3-ssl-proxied-assets
Their solution was to create a proxy server which they open sourced as https://github.com/atmos/camo. To address the same concerns about abuse of the proxy, it is deployed with a shared secret with the application server. Integrating this with a Django project would be straightforward, as you would just need to generate the digest from the shared key for the given image URL.
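The digest step described in the answer above, as an added example that is not part of the original answer or Camo's own code. It assumes Camo's documented URL layout (HMAC-SHA1 hex digest of the image URL, followed by the hex-encoded URL); the key, host name and function names are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values for illustration; load the real key from Django settings.
CAMO_KEY = b"constructed-shared-secret"
CAMO_HOST = "https://camo.example.com"


def camo_url(image_url: str, key: bytes = CAMO_KEY) -> str:
    """Application side: rewrite a remote image URL into a signed proxy URL."""
    if urlsplit(image_url).scheme not in ("http", "https"):
        raise ValueError("only http(s) images are proxied")
    raw = image_url.encode("utf-8")
    digest = hmac.new(key, raw, hashlib.sha1).hexdigest()
    return f"{CAMO_HOST}/{digest}/{raw.hex()}"


def proxy_accepts(path: str, key: bytes = CAMO_KEY):
    """Proxy side: return the target URL, or None if unsigned or tampered.

    Because only the application holds the key, a third party cannot mint
    a valid path for an arbitrary URL, so the proxy is not an open relay.
    """
    try:
        _, digest, encoded = path.split("/")
        raw = bytes.fromhex(encoded)
    except ValueError:
        return None  # wrong number of segments or invalid hex
    expected = hmac.new(key, raw, hashlib.sha1).hexdigest()
    # Constant-time comparison avoids leaking how many digest characters match.
    if not hmac.compare_digest(digest.encode(), expected.encode()):
        return None
    return raw.decode("utf-8")


if __name__ == "__main__":
    signed = camo_url("http://example.org/cat.png")
    print(signed)
    print(proxy_accepts(signed[len(CAMO_HOST):]))
```

In a Django template filter, `camo_url` would be applied to each user-supplied image link when the comment is rendered.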
I am using WAMP as my local server and what I want to know is: can I use FileZilla to transfer my files across from My Documents to the WAMP server?
If so, how can this be done in FileZilla? (What do I need to put in host name, and do I need a username or password? I did not set one, so do I need to set one and if so how?)
Thank you
You don't need FileZilla for what you are after. You simply need to move your files from My Documents to the www directory of your Wamp installation. You can then point your URL at that file. So if you have a file foobar.php and drag it into www then you can access it at http://localhost/foobar.php.