[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

ot? apache directory listing mysteries



Hi all.

Maybe that's a little bit offtopic, but it is somehow related to security, so... :)

I'm wondering if there is a way to get an directory listing from apache if there is an index.html available in that directory.

The story behind that question: I put a large file on the webserver that was intended for download for a friend. The only one I told about this file was this friend, and he said he didn't tell anyone about it. Nevertheless since yesterday there have been some requests for this file from various places in the world, not only germany, but also sweden and switzerland, even one aol user accessed the file.

Imagine the following situation: given is a webserver (apache) that answers to www.mydomain.tld, mydomain.tld and the ip address. All these addresses show the same content when given to the browser: the index.html in the root directory. Inside this index.html there is nothing but a senseless picture and three words, no link, nothing else. The large file is in the root directory as well, so it can be accessed for example with http://www.mydomain.tld/large.file, but there is no reference to this file, no link, nothing.

How can someone find out about it? Did I miss something in the configuration? Am I completely stupid now? :) Currently this is nothing bad - the file caused some traffic since last night, but that's harmless. If they access the file now they see only a suitable crafted webpage telling them to look elsewhere for the file. But I'm curious how they found out about it... any ideas?

Bye, Mike




Reply to: