-
Jul 17th, 2001, 08:20 AM
#1
Thread Starter
Fanatic Member
how the h*ll did he do that
I have a few sensitive files on my web server; they hold the passwords to the DB, etc.
They have the file extension .data, which I have blocked for HTTP access in the .htaccess file.
There is no directory browsing on my server.
I was looking through my HTTP error log and someone tried to download the .data files. But the thing that kicked me was that someone knew the names of all the files. How the hell did they get the names of the files!!!!
Kurt Simons
[I know I'm a hack but my clients don't!]
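The situation in the post above, looked at from the log-review side: a small checker, added here as an example and not code from the thread, that walks Apache combined-format access log lines, picks out every request for a sensitive extension (.data, as in the post), and separates the requests the server refused from the ones it actually served. The log lines, the client addresses and the /conf/ paths are all constructed for the example; the extension list, the regex and the function names are assumptions, not anything the forum poster described.

```python
import re
from collections import defaultdict

# Constructed Apache combined-format log lines (sample data, not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Jul/2001:08:02:11 +0000] "GET /index.php HTTP/1.0" 200 1532 "-" "Mozilla/4.0"
203.0.113.7 - - [17/Jul/2001:08:02:14 +0000] "GET /conf/db.data HTTP/1.0" 403 289 "-" "Mozilla/4.0"
203.0.113.7 - - [17/Jul/2001:08:02:15 +0000] "GET /conf/users.data HTTP/1.0" 403 289 "-" "Mozilla/4.0"
198.51.100.9 - - [17/Jul/2001:08:05:40 +0000] "GET /conf/db.data HTTP/1.0" 200 812 "-" "Wget/1.6"
192.0.2.3 - - [17/Jul/2001:08:07:02 +0000] "GET /about.html HTTP/1.0" 200 2210 "-" "Mozilla/4.0"
"""

# Combined log format: client, ident, user, [time], "method path protocol", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Extensions that must never be served over HTTP (assumed list; the post names .data).
SENSITIVE_EXTENSIONS = (".data",)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_sensitive_requests(log_text, extensions=SENSITIVE_EXTENSIONS):
    """Group requests for sensitive extensions by client.

    Each client maps to {"blocked": [...paths...], "served": [...paths...]}.
    A request counts as served only when the status is 2xx; anything else
    (403 from the .htaccess deny rule, 404, 5xx) is treated as blocked.
    """
    exts = tuple(e.lower() for e in extensions)
    hits = defaultdict(lambda: {"blocked": [], "served": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed or truncated lines rather than crash
        path = rec["path"].split("?", 1)[0].lower()  # ignore query string
        if not path.endswith(exts):
            continue
        bucket = "served" if 200 <= rec["status"] < 300 else "blocked"
        hits[rec["ip"]][bucket].append(rec["path"])
    return dict(hits)


def served_sensitive(hits):
    """Return only the clients that actually received a sensitive file."""
    return {ip: v["served"] for ip, v in hits.items() if v["served"]}


if __name__ == "__main__":
    hits = find_sensitive_requests(SAMPLE_LOG)
    for ip, v in hits.items():
        print(ip, "blocked:", v["blocked"], "served:", v["served"])
    print("clients that got a file:", served_sensitive(hits))
```

Run against the sample, the first client's two .data requests show up as blocked (the 403 the deny rule should produce) while the second client's request was served with a 200, which is the line worth chasing: it means the extension block was not applied on that path. Several blocked hits for different .data names from one client in quick succession, as the poster saw, is the enumeration pattern this report is meant to surface; keeping such files outside the document root altogether removes the dependence on the .htaccess rule.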
-
Jul 17th, 2001, 08:21 AM
#2
Member
Maybe a friend? If you're running Windows, the only way to secure your computer is to unplug it.
-
Jul 17th, 2001, 08:24 AM
#3
Thread Starter
Fanatic Member
It's a Linux computer....
If it was a Windows box I wouldn't be asking this question.
The FTP access log shows nothing.
SMB is blocked.
If someone got in via SSH or something, they would have been able to read the files; they wouldn't have needed to try to get them via HTTP.
I just hate the feeling that I have no concept of security, even when I do my best to lock down files.
Kurt Simons
[I know I'm a hack but my clients don't!]
-
Jul 17th, 2001, 11:12 AM
#4
Black Cat
Could your naming method be predictable? Did they only request good names or were there some other attempts in there too?
If you're running Windows, the only way to secure your computer is to unplug it
In the hands of a knowledgeable and proactive administrator, Windows NT/2000 is just as secure as Linux...
Josh
Get these: Mozilla Opera OpenBSD
I have books for sale: "MCSD in a Nutshell" and "VB Distributed Exam Cram" - PM me for details. Will also trade for a decent ATX Pentium 2 MB/CPU/RAM combo.
-
Jul 17th, 2001, 11:22 AM
#5
Thread Starter
Fanatic Member
There were 4 files....
He hit all 4 in a row.
I could have called them 4, 5, 6, 7 and I still would have been impressed.
Kurt Simons
[I know I'm a hack but my clients don't!]
-
Jul 17th, 2001, 07:31 PM
#6
If he did a view source on your code in his browser, could he have seen the reference to those files?
-
Jul 17th, 2001, 10:59 PM
#7
Thread Starter
Fanatic Member
It was a PHP script... nothing useful is sent to the browser.
Kurt Simons
[I know I'm a hack but my clients don't!]
-
Jul 18th, 2001, 01:59 AM
#8
Hyperactive Member
It might be a spider reading your directories. I'm not sure exactly how the Google search works, but I find that they are able to index all files (even blocked files) in an httpd directory. So I am sure there are others. We have the same type of things showing up in our access logs, and after some investigation and experimentation, we decided to just shut the server down to outside traffic and access all information necessary for public view through a separate, trusted server.
Just a thought.
-
Jul 18th, 2001, 06:41 AM
#9
Thread Starter
Fanatic Member
Interesting... if you told me this before I had this problem I would have thought you were nuts. When you say index all files you mean filename or content?
Kurt Simons
[I know I'm a hack but my clients don't!]
-
Aug 12th, 2003, 03:58 AM
#10
Addicted Member
I'm quite new, but I think I have seen something like that, in which someone used software which downloads all the files from the web server. Try searching on cnet.com; you will hit some!