ftp> security >

For system help, all hardware / software topics NOTE: use Coders Corner for all coders topics.

Moderators: Krom, Grendel

Post Reply
User avatar
Isaac
DBB Artist
DBB Artist
Posts: 7737
Joined: Mon Aug 01, 2005 8:47 am
Location: 🍕

ftp> security >

Post by Isaac »

if im uploading thigns to a file on my ftp server on isaacg.net can other search the file names so they can get them off via http://
User avatar
fliptw
DBB DemiGod
DBB DemiGod
Posts: 6459
Joined: Sat Oct 24, 1998 2:01 am
Location: Calgary Alberta Canada

Post by fliptw »

depends on how your webserver is setup
User avatar
Isaac
DBB Artist
DBB Artist
Posts: 7737
Joined: Mon Aug 01, 2005 8:47 am
Location: 🍕

Post by Isaac »

well as far as a setup goes it dosen't seem like there would be a way to search for directories under [url removed]
Under google it looks like it only scans for things linked from the main index file.
User avatar
WillyP
DBB Ace
DBB Ace
Posts: 461
Joined: Sat Feb 11, 2006 9:57 pm
Location: NH
Contact:

Post by WillyP »

Search engines generally only look for your main page, then follow all the links from there. So, if you upload a file to a directory, and there is no link to it search engines will not find it, unless it is named main or index, I believe. But you if you knew the name of a file, or are a very lucky guesser, you can certainly access any page, or file, (that is not protected... you can limit access by changing the file's properties in your FTP) by typing it into the browser. It's not impossible to imagine someone with nothing better to do, writing a script and trying every possible combinations to see what he could find, but rather unlikely... Still, nothing is truly safe on the web.

You might be suprised to see what is availible thru a 'who-is lookup'.

Edit:
Hmmm... Google did find an untitled page under your domain... begins with: \"How to make a tree in 3ds max 8 and 9\"
User avatar
Isaac
DBB Artist
DBB Artist
Posts: 7737
Joined: Mon Aug 01, 2005 8:47 am
Location: 🍕

Re:

Post by Isaac »

WillyP wrote:Search engines generally only look for your main page, then follow all the links from there. So, if you upload a file to a directory, and there is no link to it search engines will not find it, unless it is named main or index, I believe. But you if you knew the name of a file, or are a very lucky guesser, you can certainly access any page, or file, (that is not protected... you can limit access by changing the file's properties in your FTP) by typing it into the browser. It's not impossible to imagine someone with nothing better to do, writing a script and trying every possible combinations to see what he could find, but rather unlikely... Still, nothing is truly safe on the web.

You might be suprised to see what is availible thru a 'who-is lookup'.

Edit:
Hmmm... Google did find an untitled page under your domain... begins with: "How to make a tree in 3ds max 8 and 9"
Image
Blast!! They've found my tree plans!!


Yeah im surprised at my company's web page on how if you had the correct link you could get EPP discounts tagged to services like nothing. Our only security is people don't post them online.
Sllik
DBB Ace
DBB Ace
Posts: 473
Joined: Thu Nov 05, 1998 12:01 pm
Location: Dallas, TX
Contact:

Post by Sllik »

Depending on which webserver software you're running, you have several options available. Apache is the most prevalent one (because it's free and has a large following), and you can a) make sure httpd doesn't allow directory browsing, then at the very least set up a .htaccess file for whichever subdirectory you want restricted. They'll at least challenged for a generic username and password at that point. There are lots of better solutions out there, but that one's quick and dirty.
Post Reply