Hi all.
Maybe that's a little bit offtopic, but it is somehow related to
security, so... :)
I'm wondering if there is a way to get an directory listing from apache
if there is an index.html available in that directory.
The story behind that question: I put a large file on the webserver that
was intended for download for a friend. The only one I told about this
file was this friend, and he said he didn't tell anyone about it.
Nevertheless since yesterday there have been some requests for this file
from various places in the world, not only germany, but also sweden and
switzerland, even one aol user accessed the file.
Imagine the following situation: given is a webserver (apache) that
answers to www.mydomain.tld, mydomain.tld and the ip address. All these
addresses show the same content when given to the browser: the
index.html in the root directory. Inside this index.html there is
nothing but a senseless picture and three words, no link, nothing else.
The large file is in the root directory as well, so it can be accessed
for example with http://www.mydomain.tld/large.file, but there is no
reference to this file, no link, nothing.
How can someone find out about it? Did I miss something in the
configuration? Am I completely stupid now? :)
Currently this is nothing bad - the file caused some traffic since last
night, but that's harmless. If they access the file now they see only a
suitable crafted webpage telling them to look elsewhere for the file.
But I'm curious how they found out about it... any ideas?
Bye, Mike
