Ok, so I read that a good trick in website security (I believe for ddos), is to change your file structure, keeping your main script files out of the web accessible area. Such as if the server is server/myaccount/www/webfileshere to use server/myaccount/hiddenfolder/realfiles and simply use a include(). So if/when a php file is served as plain text the only information seen is include() and no real code.

Here's my issue.

I have
server/myaccount/hiddenfolder/signin.php
being called from
server/myaccount/www/signin.php

when I try to use filetime() to get the time the file was last modified, it says
Warning: filemtime(): stat failed

The reason I am using filetime() is for the html tags
<meta http-equiv='last-modified' content='".htmlspecialchars($time)."'>

Any ideas how to fix this? I tried using filetime() as a relative path (since I know the exact location), and the dir option, but they all keep returning the exact same error.

    Does your server's user account (which probably isn't your user account) under have read permission for those files/directories?

    Also, it's not really a defence against ddos; it's more just to make it a bit harder to accidentally leak the source code of your scripts. Some do it with site assets they don't want people hotlinking to or downloading in bulk.

      Write a Reply...