We found this "Security Issue" a really long time ago and used it
ourselves to find hidden pages.
The only thing you could do, is to harden the directory for Crawlers
with Mod_Rewrite or in the index.(php|pl|py|asp|etc) itself when you
check the Browser String. If it doesn't contain somethin l
On Tue, Dec 11, 2012 at 5:58 PM, Christian Sciberras wrote:
> John (Cartwright),
>
>
> It is quite annoying to have a volley of bounce mail from
> non-existent/(re)moved mailboxes.
>
> Can't we somehow limit this? I recall in other newsgroups software, several
> bounced(reply) emails to a periodic
On Tue, Dec 11, 2012 at 5:53 PM, Christian Sciberras wrote:
> If you ask me, it's a stupid idea. :)
>
> I prefer to know where I am with a service; and (IMHO) I would prefer to
> query (occasionally) Google for my CC instead of waiting for someone to
> start taking funds off it.
> Hiding it only p
If you ask me, it's a stupid idea. :)
I prefer to know where I am with a service; and (IMHO) I would prefer to
query (occasionally) Google for my CC instead of waiting for someone to
start taking funds off it.
Hiding it only provides a false sense of security - it will last until
someone finds the
Hi guys,
thank you for your valuable feedback.
The question was raised, what prevents somebody from building a script to scan for
the robots.txt manually. Seriously, let's call it just common sense. The time
and effort invested does not pay off very well.
This is why google is very useful in that
On Tue, Dec 11, 2012 at 4:11 PM, Mario Vilas wrote:
> I think we can all agree this is not a vulnerability. Still, I have yet to
> see an argument saying why what the OP is proposing is a bad idea. It may be
> a good idea to stop indexing robots.txt to mitigate the faults of lazy or
> incompetent
I think we can all agree this is not a vulnerability. Still, I have yet to
see an argument saying why what the OP is proposing is a bad idea. It may
be a good idea to stop indexing robots.txt to mitigate the faults of lazy
or incompetent admins (Google already does this for many specific search
que
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2587-1 secur...@debian.org
http://www.debian.org/security/
December 11, 2012
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2586-1 secur...@debian.org
http://www.debian.org/security/
December 11, 2012
> If I understand the OP correctly, he is not stating that listing something
> in robots.txt would make it inaccessible, but rather that Google indexes
> the robots.txt files themselves,
Well, um, yeah - I got that.
So you are what, proposing that moving an open door back a few
centimetres so
Is this the case even when there is an entry in robots.txt for robots.txt
Philip Whitehouse
On 11 Dec 2012, at 12:22, Ulisses Montenegro
wrote:
> If I understand the OP correctly, he is not stating that listing something in
> robots.txt would make it inaccessible, but rather that Google index
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2585-1 secur...@debian.org
http://www.debian.org/security/
December 11, 2012
If I understand the OP correctly, he is not stating that listing something
in robots.txt would make it inaccessible, but rather that Google indexes
the robots.txt files themselves, and makes the contexts of those available
for query. So, in a way, they make it easier for Google search results
harve
Coldwind is right, u r talking about security through obscurity.
If u tell a pentester that u r using joomla and php together, he/she
will try .com/administrator
Since if u r ignorant and haven't blocked access to it, your joomla
access page will show up and hydra/brutus will be able to take over
> /From/: Hurgel Bumpf
> /Date/: Mon, 10 Dec 2012 19:25:39 + (GMT)
>
> Hi list,
>
>
> i tried to contact google, but as they didn't answer my email, i do forward
> this to FD.
> This "security" feature is not clearly a g
'black hack' and hash...
--
-illwill
illw...@illmob.org
http://illmob.org
On 12/10/2012 2:17 PM, tig3rh...@tormail.org wrote:
In Deep Web has created a new online site a few days ago that a
On 2012-12-10 12:25, Hurgel Bumpf wrote:
> Hi list,
>
>
> i tried to contact google, but as they didn't answer my email, i do
> forward this to FD.
> This "security" feature is not clearly a google vulnerability, but
> exposes websites' information that is not really intended to be
> public.
>
> (
On 10/12/12 19:25, Hurgel Bumpf wrote:
> I tried to contact google, but as they didn't answer my email, I do forward
> this to FD.
> This shouldn't be a discussion about bad practice but the google feature
> itself.
I seem to recall that the robots.txt exclusion standard was fairly
common bef
On Mon, Dec 10, 2012 at 3:21 PM, James Lay wrote:
> On 2012-12-10 12:25, Hurgel Bumpf wrote:
> > Hi list,
> >
> >
> > i tried to contact google, but as they didn't answer my email, i do
> > forward this to FD.
> > This "security" feature is not clearly a google vulnerability, but
> > exposes webs
This is not a strong argument. When you opt out of marketing companies store
your email on a blacklist. It's necessary.
If the content is publicly visible then it is not a good place to put such
information you highlight below.
Moreover it only needs to be in robots.txt if it's browsable. If it
What we need is a robots2.txt that defines what users are allowed to access
the robots.txt file.
Problem solved.
On Mon, Dec 10, 2012 at 11:33 PM, Gynvael Coldwind wrote:
> Hey,
>
> > > Here is an example:
> > >
> > > An admin has a public webservice running with folders containing
> > > sensit