Hello everyone
Today we were laughing with my friend about our old company. They had exposed files with important passwords to the google. But after that I checked my serwer... and had it same, except I do not hold such files there. But one important database was there!
[url=http://www.google.pl/#sclient=psy-ab&hl=pl&source=hp&q=site:seigi.dyndns.info&pbx=1&oq=site:seigi.dyndns.info&aq=f&aqi=&aql=&gs_sm=e&gs_upl=262482l262482l4l262710l1l1l0l0l0l0l0l0ll0l0&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=39407d949a236b6&biw=1920&bih=869]Look at this[/url]
[url=http://www.google.pl/#sclient=psy-ab&hl=pl&source=hp&q=site:seigi.dyndns.info+-anidb&pbx=1&oq=site:seigi.dyndns.info+-anidb&aq=f&aqi=&aql=&gs_sm=e&gs_upl=103060l104658l5l104874l9l8l1l0l0l0l189l929l0.7l8l0&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=39407d949a236b6&biw=1920&bih=869]And this[/url]
It's Sick!!! Where the hell from does google know about my files I never exposed to the world?
Do not tell me about robots.txt etc. since thats not the point of conversation.
Main fodler always had an index.php file, so it WAS NEVER listing directories. And they were able to list them? Not all, but i want to know where from it is?
The only way that comes to my mind is that i Entered invalid url into browser address bar and it redirected me to google, and google (without me seeing) redirected me to my folder...
any way to secure my httpd server from such leaks?
I'm freaking out here.... Already removed most sensitive data from there.
Best regards and thanks for fast replies in advance!
Centos httpd - google listing all folders?
-
- Posts: 184
- Joined: 2009/01/30 19:58:25
- Location: California
Centos httpd - google listing all folders?
The main folder had index.php, but what about any subfolders?
See the Indexes option here: http://httpd.apache.org/docs/2.2/mod/core.html#options
See the Indexes option here: http://httpd.apache.org/docs/2.2/mod/core.html#options