I know that subdirectories in public_html are accessible to the public on the web if you know their name (the name of the subdirectory). The question is whether there is any easy way to get at them if you do not know their name. Files in these subdirectories are conveniently accessible to you on the web, but how secure are they? Do web crawlers find them and make them accessible to a search even if they contain no html files?

See the best way to protect these subfolders is to chmod them to +750 - that way no one from the outside world can get to those directories - but your own files in the main directory can call them and read off them...

A good way of stopping bots from indexing these is to play around with the settings in robots.txt file OR

I'd suggest an alternative method - I find very useful. Create a completely blank index.html file with just <HTML></HTML> tags and place it in these directories. When the bots - or any random surfer gets to your directory by guesswork - they're forced to a dead halt right there with a completely blank page... Otherwise, say, if your directory contains only images, anyone can view all your images in a directory listing format by entering the whole URL+directory in the browser.. but having a blank index.html stops that completely. That way you don't even need to mess around with chmod. Simple but Very Effective

Regards,
m^e

There's an easy option... Just go to cpanel, click on index manager, and for each subfolder click on it and select 'no indexing' then people can't see all your files

Oh how cool I never knew that.. hehe.. thanks runef

All this is useful info, but....
Won't the chmod and blank index.html block my own easy access too? Does the 'no indexing' just block the web crawlers or does it just mean you cannot see the directory contents of the subdirectory?

The idea is to have a subdirectory only I know about so I can easily call it up on the web and as long as no one else knows the name of the subdir they cannot get to it. So I guess I just need to block the web crawlers since apparently (if I understand you) the index.html blocks public access to the directory listing of the public_html directory. So no one can find out the name of the subdirectory if they do not know it already, right?

how do the webcrawlers find it?

I dunno about the cPanel indexing thingie - my guess is that it writes some code into the robots.txt file with a "nofollow" so that directory wouldn't be indexed by the robots.

Webcrawlers, obviosuly index by following links... they cannot start making up random directory names - so in case u have some private folder deep within the public_html which only you know of .. give it some random hex name (like a4b1c8d0) or sumthing - and you've got some index.html/php in place in the root public_html folder (which doesn't have any sort of link to this dir or to any page containing links to this dir) - they no crawler can get to ur folder...

Still it is advisable that you place a small index.php script in this folder of yours that can ask for authentication - some password and only then let you into the dir.. that'd be a much better option..

Regards,
m^e

What you're asking for sounds rather difficult to do. The first step would be to stop Search Engines getting to it - robots.txt is the ideal way, but I don't know how else to help you there. Sorry I can't be of much assistance.

Search for "robots.txt" on the asta forums. NilsC wrote a two-part series on robots and their methodology - excellent articles. They should help you a lot along the way.

Regards,
m^e