News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Just did a Google search for

Started by MrFlicks, July 09, 2007, 07:42:52 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

MrFlicks

July 09, 2007, 07:42:52 PM
tvworlds.com/forum

and came across this page in second place

http://www.tvworlds.com/forum/Themes/default/images/

Is this a security problem and if so what do i do about it?
MrFlicks
Double T Teds ®™ 6028 Cartoon Characters www.doubletteds.com

www.tvworlds.com/forum (My SMF Forum)

www.HostTed.net www.AffiliatTed.com www.TransactTed.com www.Tted.co.uk

Smith6612

#1
July 09, 2007, 07:49:33 PM
It's not really a security problem. If I were to search up my site on any well-known engine, it'd come up with stuff like that. All that is is a directory listing of the files.

MrFlicks

#2
July 09, 2007, 08:59:51 PM
Ok Thing is though I once came across someone who does searches for these sort of pages in order to steal files and scripts etc from sites.

I spent a couple of hours one afternoon myself a couple of years back doing similar searches just to see what i could find and managed to access some rather sensitive files for some top US institutes and Gov departments that I would rather not go into too many details of here or anywhere else for that matter.

So is it not possible to stop pages like this appearing on the Search engines then?
MrFlicks
Double T Teds ®™ 6028 Cartoon Characters www.doubletteds.com

www.tvworlds.com/forum (My SMF Forum)

www.HostTed.net www.AffiliatTed.com www.TransactTed.com www.Tted.co.uk

Smith6612

#3
July 09, 2007, 09:25:50 PM
It is possible... if you know how to write robots.txt files, or better yet, set your server so that users cannot see directory listings. All Apache servers have the ability to do that, so you shouldn't have a problem with doing that (if you know how to set it of course  ;).

tumbleweed

#4
July 09, 2007, 09:32:56 PM
Just make all your main webroot folders with "no indexes" allowed.

tumble
G.C. SOLUTIONS - Hosting Quality Sites Since 2006. Experience Your Forums On A Whole New Level
Elastic Sites Stress Fast CPU/Ram Upgrades- More Info Here.
Reviews By SMF Forum Owners - Read Our Rev

MrFlicks

#5
July 10, 2007, 08:49:14 AM
Thanks guys will have to see about getting that sorted out.
MrFlicks
Double T Teds ®™ 6028 Cartoon Characters www.doubletteds.com

www.tvworlds.com/forum (My SMF Forum)

www.HostTed.net www.AffiliatTed.com www.TransactTed.com www.Tted.co.uk

tumbleweed

#6
July 10, 2007, 01:31:15 PM
If you do it correctly and have the right security on your server it should look like this when you click on the path.

I will use my forums path to the same folder as a example:

http://www.gotcanyons.net/gc/Themes/default/images/

tumble
G.C. SOLUTIONS - Hosting Quality Sites Since 2006. Experience Your Forums On A Whole New Level
Elastic Sites Stress Fast CPU/Ram Upgrades- More Info Here.
Reviews By SMF Forum Owners - Read Our Rev

Harro

#7
July 10, 2007, 02:12:53 PM
Or just upload a blank index.html file
That works as well ;)

tumbleweed

#8
July 10, 2007, 02:17:29 PM
Quote from: Harro on July 10, 2007, 02:12:53 PM
Or just upload a blank index.html file
That works as well ;)

yepper that does the trick as well.

tumble
G.C. SOLUTIONS - Hosting Quality Sites Since 2006. Experience Your Forums On A Whole New Level
Elastic Sites Stress Fast CPU/Ram Upgrades- More Info Here.
Reviews By SMF Forum Owners - Read Our Rev

msa027

#9
July 10, 2007, 10:18:30 PM
change the permission on your page to not allow it to be "read" except by you
hxxp:www.nbawatcher.com [nonactive]

niko

#10
July 11, 2007, 01:01:00 PM
Quote from: msa027 on July 10, 2007, 10:18:30 PM
change the permission on your page to not allow it to be "read" except by you

Then any images can't be shown.
Websites: Madjoki || (2 links retracted by team, links out of date and taken over.)
Mods: SMF Arcade, Related topics, SMF Project Tools, Post History

WIP Mods: Bittorrent Tracker || SMF Wiki

Ricky.

#11
July 14, 2007, 01:17:26 AM
or simply place a blank index.html file there :P

Dannii

#12
July 14, 2007, 01:42:15 AM
Add this to a file called robots.txt and put it in your root forum directory.
Code Select
User-agent: *
Disallow: /Themes/
"Never imagine yourself not to be otherwise than what it might appear to others that what you were or might have been was not otherwise than what you had been would have appeared to them to be otherwise."
Print
Go Up Pages1
User actions
Advertisement: