1

I am trying to find out how secure this scenario would be.

I have a directory which I do not want anybody to ever be able to access or download the encrypted log files within the directory.

I have this directory protected by .htaccess basic authentication.

I have not set a username and password for the directory.

I have ssh key setup for my ftp client and have disabled ftp so nobody could get through to download this directory via ftp.

Since a brute force attack will not work on the directory because there are no credentials set, would this be considered a locked directory without a key and impenetrable?

If not, how would someone penetrate the directory other then guessing cpanel credentials?

Thank you for the advice.

J---
  • 37
  • 11
  • 1
    Does the Apache or PHP user have read access to the folder? If yes, then an insecure script could *possibly* allow reading files. (If there is no web-facing code that uses the files, why place them in public_html at all?). Besides that, any CentOS or CPanel internet-connected service might have bugs allowing access. – Dave S Apr 07 '18 at 01:47

0 Answers0