Hi,

I have installed Kunena in a closed section of my Joomla site to which only registered users have access.

I now notice that when those users attach files to posts, these files are accessible without registering once you know the name of the file, because the standard directory in which these attachments are stored by Kunena is not protected (/images/fbfiles/files/[name of the file]).

How can I solve this?

/Gompie

Hello,

With a bit of search, you can find anything : www.kunena.com/forum/advsearch?q=hide+at...=1&childforums=1

Hi,

Ok, thanks (and sorry: must have used wrong search terms), but: I installed the 1.5.7 patch (I am still running the 1.5.7 version) and found the new configuration items in the backend (show images/attachement for guests = 'no'), but the files are still available; is this only valid for new posts or what?

/Gompie

Hi,

I have upgraded to 1.5.9 now, but it's still not working (using the 1.5.7. patch)...

Any ideas?

/Gompie

Hi

Installed the 1.5.8 patch now over the 1.5.9 and even tried the Dutch 1.5.9 Ultimate version as suggested, but still no solution (the Dutch 1.5.9 Ultimate version even gave an error in a language file after installing, apparently the uninstall doesn't really delete everything), but I guess those patches suit their purpose, but not mine: it all comes down to the fact that Kunena stores attachments to posts in a public Joomla directory /images/fbfiles/files and there's no way to change that ...

/Gompie

I haven't tried this myself yet because I never had any need for it, but here is what I think can work for you:

Prevent direct (hot) linking to files in your .htaccess file. This requires visitors to view the files inside the forum. You can apply this "trick" to other Joomla! components as well.

Lots of examples on how to configure an htaccess file contain a section for disabling hot linking.

That's the first one Google spits out: www.javascriptkit.com/howto/htaccess10.shtml

Hi,

Thanks, I already tried that, but that means that registered users, once inside the forum will have to use an extra login to get access to those files also and that's a bit annoying ...

/Gompie

Hello,

I don't undserstand where is the source of the issue, but you can try the changes that i have made for K1.5.9 :

Hi,

Thanks, I upgraded, but the problem remains ...

The issue is this: http://www.cannedit.net/images/fbfiles/files/test.doc

I know: it only works in case you have the exact filename, but still ...

Kunena should in my opinion not store attachments in a subdirectory of a public Joomla directory and should at least offer in the configuration panel in the backend the opportunity to change the standard directory for storing attachments.

/Gompie

If, the user know the link he can download it, but i think there are no ways to prevent this.