Donate to us via Paypal!
Things are more like they are now than they have ever been before. - Dwight D. Eisenhower
Tuesday, October 27, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 120
Guests Online: 118
Members Online: 2

Registered Members: 129433
Newest Member: jessievd69
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

.htaccess question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-04-07 09:07
Hi @ all,
I'm a total newbie here, so please bear with me...
I have a question about .htaccess, perhaps someone can
help me with this.
There is a website (I don't post the address here) that
sells graphics and tubes for PSP-Users to create signature-tags
from various artists.
When you buy these packages you will get a download-link for a
.rtf-document with the info from where you can download your files
(it's a totally other url then the one where you buy) and the username
and password. When you go to this url you must click on an image and then a window pops up where you can insert the username and password (I think it's .htaccess).
I'm a customer there and bought many packages, but I'm a little scared about the security aspect there because I found out a few things:

1. when multiple customers bought i.e. package A from artist B they all get the same username and password, it's not individual for different users. And the username is always the name from the artist, so it's only a 50 % security, I think.

2. when you leave something from the download-url you can get into the directory which says "Index of/" and some things I discovered aren't secured with .htaccess, you can download the zips directly, others are.

So perhaps someone can tell me if there's a way to break into these .htaccess-files when you already got the username and only must guess the password? The password is always a 5-10 one with uppercase, lowercase and numbers mixed. The .htaccess-file isn't visible but I know in which directory it is, but you can't see it cause it's forbidden.

I ask this because I'm scared about buying there in the future cause I think the security aspect is not given.
I hope someone can help me and answer here or pm me.
Thanx so much,
wullewaddel