[PLUG] BOTS & Hidden Directories
Kyle Accardi
sandbox at pacifier.com
Sat May 11 19:14:32 UTC 2002
sendai wrote:
> Well from your subject line I assume you are asking if a bot would know that
> the page existed. The answer is that no spider would, but if someone was
> running a bot that picked a page and then tried every possible sequence then
> yeah it would.
That's what I thought.
> As for general security, this is going to decrease your overall security and
> should technically be served by a DMZ box...
Good idea
> What I used to do if I wanted a web location to access my files from is use
> a 64-bit key for the url.
Another good idea.
> Yes, the accesses will be unique to the visitor. To make them come from
> pacifier you would have to get them to set up forwarding.
Okay, I won't worry about that then. I did notice that everyone's
public_html/ is world readable, so anyone with a shell account can snoop
around. Doesn't Apache allow for somewhat tighter permissions? The
default creation group is `user`. `apache` is also a member of this group.
Hmm
Cheers,
Kyle Accardi
who is really working outside
More information about the PLUG
mailing list