security recommendations question

[member]

The security recommendations say:
9. Use .htaccess files to protect against unwanted snooping
NOTE: This step is already largely addressed in v1.3.9, with the included .htaccess files. If you are using older versions of Zen Cart then you will have to do these settings manually:

I am running 1.3.9h.
I notice that when going to website/cache for example

I am getting:

Forbidden
You don't have permission to access /cache on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to

Should I put an index.html in the folders that do this or leave it alone?

Thanks

[DrByte]

Since it's already blocking you from getting in there, you don't need the index.html in there.

[member]

Is it ok to do so, that way people would not feel the need to try to get into these directories?

[DrByte]

Is it ok to do so, that way people would not feel the need to try to get into these directories?

I'm not sure I understand your question.

[member]

Usually if the page is not found, people get my homepage.

I assume they would just get a blank page if I had the index.html in those folders, or better yet my homepage (not sure which).

I would think that having a forbidden message would just give hackers the incentive to try to try to hack the directories.

I am basically asking if adding index.html into those directories would break anything.

Thanks for replying so quickly!

[DrByte]

It won't harm anything to add the index.html file to those folders. But, since the .htaccess in some of them completely prohibits access, doing so may be moot, and won't stop the "forbidden" messages.

While I understand your logic, it's also important to note that unless a hacker is absolutely convinced that there's a pot of gold inside worth spending time about, they're gonna move on to another place whose gates aren't so tightly locked. It's not worth their while to stay.

[member]

Thanks for letting me know. You are right, not much to gain from hacking into it. I just wanted to make sure about what was the best to do. I appreciate your taking the time to help.