How to download or delete items of a file?

S

stippel404

Verified User
Joined
Jun 15, 2024
Messages
10
Hi, newbee here.
I've started my website in 2020. Earlier this year, February 2024, I've decided to delete all my images of my website (the library was totally empty). After that I add new images to my pages. No problem, so far so good.
Now I have an unpleasant visitor who comes several hours a day on my website. He/she wants to see a cropped image I've used in 2020. I can see that in my Life Traffic: he tries the URL's ....upload/2020/06/cropped-intro-welcome-180x180.jpg or 32x32.jpg. Although I have blocked his IP-adress, I can see that he's still trying these URL's, on this moment for 100.000times in the last few weeks.

My question is: are these images still in the file on Direct Admin? I have a file uploads/2020/06 but I cannot see what is in that file. If those cropped images are in that file, how can I delete them? Or: can I download that file to my laptop, so I can see the content of that file? I hope someone can help me, no I'm not an expert at all, I learned all about making websites etc through forums like this one.

Thanks anyway for your help at advance.

Stippel4004
 
this person just added to own website link to picture from your website, to not waste his own disk space ant traffic. you removed picture - visitors from his website still trying to receive it each time when page loading. your nginx just will return 404, or you can "put him a pig" add picture with content you want with name his looking and it will be shown on it website ;) you can put to this picture anthing, like "I'm a loser who steals images from other sites" and make it lightweight to decrease own traffic.
 
Okay Zhenyapan, thanks for your explanation, but I'm thinking: why does it happens several times a day for an hour of so? It seems to me that this is an attack, because it doesn't go the whole day long but just one hour and after a pause of 5 till 6 hours it happens again for one hour.
About your suggestion for a 'put him a pig' picture: great idea but I don't know how to do that. He has still the other picture of my website.
By the way, that was my question: Are these images still in my file on Direct Admin? I have a file uploads/2020/06 but I cannot see what is in that file. If those cropped images are in that file, how can I delete them? Or: can I download that file to my laptop, so I can see the content of that file?
 
stippel404 said:
Are these images still in my file on Direct Admin? I have a file uploads/2020/06 but I cannot see what is in that file.
Click to expand...
directadmin has nothing to your website files, it's just interface. You can check dir uploads/2020/06/ manually from ftp/ssh or from DA filemanager.
 
stippel404 said:
okay, thanks, I will do that!
Click to expand...
I've access to my files now and I see that the file 2020/05, 2020/06, 2020/07 are empty. So the image upload/2020/06/cropped-intro-welcome-180x180.jpg is not in the file 2020/06? I don't understand why someone can use this image if it doesn't exist anymore. What can I do now?
 
he don't use it, he just ask your server to give it, and your server each time returns 404 error to him.
 
Zhenyapan said:
he don't use it, he just ask your server to give it, and your server each time returns 404 error to him.
Click to expand...
Hmm, very strange, by the way the server returns a 503 error to him.
I've looked all the files from 2020 till now, no cropped images found...
 
If you block his IP with the CSF firewall the 404 messages disappear too, as the connection will be dropped before wrriting anything to the logfiles.
 
Unifex said:
If you block his IP with the CSF firewall the 404 messages disappear too, as the connection will be dropped before wrriting anything to the logfiles.
Click to expand...
Hi, I don't know yet what the CSF firewall is, but I'm going to search more about that. Because it seems me awesome if this is the solution!
 
Okay almost a week later...:
My provider doesn't allow me to upload the software of the CSF Firewall or I have to take a VPS unmanaged subscription. That's not an option for me, so what's next?

I've studied more this week about the unpleasant visitors who try to hack my site. They often use the command https://myurl/wp-json/wp. I've tried the plugin https://wordpress.org/plugins/disable-json-api/, but my contactform also uses wp-jason or json so this doesn't work.

And - last but not least - there is still one visitor who uses the command wp-content/uploads. I cannot block him, because he is using different IP's, in the last week he comes form 14 different places in my country.

So now I want to look for a plugin or something like that in which I can give the order to ignore visitors who give those commands. Maybe one of you has a solution?
 
Bros, without csf firewall, your server's just a toys of hacker of around the world.

It useful for efficiency bruteforce/ddos detection. it better than dorectadmin BFM. because BFM do scanning delays every minute. but csf will block immediately in second.

BFM is just althernative for other bruteforce protection that's csf missing some detection like Modsecurity.
 
Ohm J said:
Bros, without csf firewall, your server's just a toys of hacker of around the world.
Click to expand...
Maybe they run a different firewall. As it is a managed server so they probably have something else. I also don't use CSF but a different firewall.

@stippel404
If you want to block these requests you can just add something in your .htaccess or if you want to block it only on your Wordpress you can install a firewall/security plugin to block the requests.

I would do something like this. Change the .htaccess for the images requests. So in you public_html the root of your wp site open the .htaccess file and just add redirect to the requests for these images. Blocking is not always needed.

Like this and replace it with your domain or wanted redirect url:
Code: 
Redirect 301 /wp-content/uploads//2020/06/cropped-intro-welcome-180x180.jpg https://replacethisdomain.com/
Redirect 301 /wp-content/uploads//2020/06/cropped-intro-welcome-32x32.jpg https://replacethisdomain.com/

About your wp-content/uploads you could add something like this in a new .htaccess in the uploads directory (wp-content/uploads) so they cannot browse in directory and only media files are allowed to view.
Code: 
Options -Indexes

<Files *.php>
deny from all
</Files>

You can do a lot with htaccess so if you want to block or do other things just search for wordpress and htaccess and it will help you finding your preffered htaccess input.
 
Hi, Stye, thanks for your message. I've an excellent provider, so I don't worry about the firewall.

The .htaccess commands are looking good, I didn't work with this before but I give it a try for the cropped images as the upload as well. I hope I can do this, if not, I will ask for help again, if you don't mind. Thanks!
 
stippel404 said:
Hi, newbee here.
I've started my website in 2020. Earlier this year, February 2024, I've decided to delete all my images of my website (the library was totally empty). After that I add new images to my pages. No problem, so far so good.
Now I have an unpleasant visitor who comes several hours a day on my website. He/she wants to see a cropped image I've used in 2020. I can see that in my Life Traffic: he tries the URL's ....upload/2020/06/cropped-intro-welcome-180x180.jpg or 32x32.jpg. Although I have blocked his IP-adress, I can see that he's still trying these URL's, on this moment for 100.000times in the last few weeks.

My question is: are these images still in the file on Direct Admin? I have a file uploads/2020/06 but I cannot see what is in that file. If those cropped images are in that file, how can I delete them? Or: can I download that file to my laptop, so I can see the content of that file? I hope someone can help me, no I'm not an expert at all, I learned all about making websites etc through forums like this one Check it out.

Thanks anyway for your help at advance.

Stippel4004
Click to expand...
Hi, A few years ago martin helped me with downloading files to my computer and deleting them on my server and today I am wondering if the following is possible. When my script downloads a file is it possible to have it remove anything else that is within that specific folder it downloads to, for example on my computer I might have D:\Work Files\document.docx and on the server a newer version of this will exist but it could have been saved as a different name or something like document-edit.docx is there a way for the script to download the file and then delete the file that was in that specific folder previously, the extension may not always be .docx, it could be a number of extensions including video files, images, excel spreadsheets.
 
kingstondouglas said:
is there a way for the script to download the file and then delete the file that was in that specific folder previously, the extension may not always be .docx, it could be a number of extensions including video files, images, excel spreadsheets.
Click to expand...
I very much doubt it or it must be custom made.

But this is not a forum to ask these kind of questions. This forum is for Directadmin license holders, not hosting customers. For problems with Directadmin, not website issues for customers.

You should contact your host for support.

And for other website/internet/user questions (also on downloading files), it's best to visit a site which is specialised in these kind of things like a computer forum or like webhostingtalk.com or for example stackoverflow.com which can also help you with scripts or creating scripts.
 
You must log in or register to reply here.
Back
Top