Centos httpd - google listing all folders?

Support for security such as Firewalls and securing linux
Post Reply
gacekssj4
Posts: 20
Joined: 2011/04/30 09:40:28
Contact:

Centos httpd - google listing all folders?

Post by gacekssj4 » 2011/10/05 00:45:17

Hello everyone

Today we were laughing with my friend about our old company. They had exposed files with important passwords to the google. But after that I checked my serwer... and had it same, except I do not hold such files there. But one important database was there!

[url=http://www.google.pl/#sclient=psy-ab&hl=pl&source=hp&q=site:seigi.dyndns.info&pbx=1&oq=site:seigi.dyndns.info&aq=f&aqi=&aql=&gs_sm=e&gs_upl=262482l262482l4l262710l1l1l0l0l0l0l0l0ll0l0&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=39407d949a236b6&biw=1920&bih=869]Look at this[/url]
[url=http://www.google.pl/#sclient=psy-ab&hl=pl&source=hp&q=site:seigi.dyndns.info+-anidb&pbx=1&oq=site:seigi.dyndns.info+-anidb&aq=f&aqi=&aql=&gs_sm=e&gs_upl=103060l104658l5l104874l9l8l1l0l0l0l189l929l0.7l8l0&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=39407d949a236b6&biw=1920&bih=869]And this[/url]

It's Sick!!! Where the hell from does google know about my files I never exposed to the world?

Do not tell me about robots.txt etc. since thats not the point of conversation.

Main fodler always had an index.php file, so it WAS NEVER listing directories. And they were able to list them? Not all, but i want to know where from it is?

The only way that comes to my mind is that i Entered invalid url into browser address bar and it redirected me to google, and google (without me seeing) redirected me to my folder...

any way to secure my httpd server from such leaks?

I'm freaking out here.... Already removed most sensitive data from there.

Best regards and thanks for fast replies in advance!

hawaiian717
Posts: 178
Joined: 2009/01/30 19:58:25
Location: California

Centos httpd - google listing all folders?

Post by hawaiian717 » 2011/10/05 15:49:56

The main folder had index.php, but what about any subfolders?

See the Indexes option here: http://httpd.apache.org/docs/2.2/mod/core.html#options

Post Reply