My website targeted by a hacker - every file attempted to be downloaded

Hi all,

I noticed my Mac mini webserver that I use to host my weathersite slowed considerably yesterday - after a lot of checking I saw in my webserver logs that an external site was downloading every file from every directory of my website - at one stage it was running the wxwugraphs.php and was downloading all it could using that script as well.

Has anyone else experienced something like this before?
Cheers

Was it downloading files that aren’t linked from your webpages?

It was downloading all sorts of files, including ones that ended in Buster=xxxx - I’ve seen these used in my webpages as a way to ensure a cached version isn’t fetched - it wasn’t a “normal” viewer of my site accessing these - there were thousands of GET requests for the files including the ones with Buster=xx …

I am wondering if someone was looking for a nifty way to put up their own website by copying your source codes, then converting them. Do you have somewhere on your web provider’s page a way to prevent this from happening? I know that a person’s root directory can be accessed by typing the url/and name of location of your parent address.

You can always set on your server if you want your directory listings available, I think you can also do it using htaccess. On my webhosting for example it is blocked and it is always better like this.

Can you attach a sample of the logfile? It would be interesting to see the IP and User Agent.
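One way to pull the IP and User Agent out of an access log and spot a client that is walking the whole site, as an added example that is not part of the thread. It assumes the Apache/Nginx "combined" log format; the thresholds, addresses, paths and agent strings are constructed for illustration.

```python
import re
from collections import defaultdict

# "combined" log format is an assumption; adjust the pattern if your server logs differently.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)

def summarize(lines):
    """Group requests by (IP, User-Agent): hits, distinct paths, cache-buster hits."""
    stats = defaultdict(lambda: {"hits": 0, "paths": set(), "buster": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole run
        path, _, query = m["target"].partition("?")
        s = stats[(m["ip"], m["agent"])]
        s["hits"] += 1
        s["paths"].add(path)
        if "buster=" in query.lower():  # the Buster=xxxx cache-busting parameter
            s["buster"] += 1
    return stats

def suspects(stats, min_hits=5, min_distinct_ratio=0.8):
    """Clients with many requests that almost never repeat a path look like a site copier."""
    out = []
    for (ip, agent), s in stats.items():
        if s["hits"] >= min_hits and len(s["paths"]) / s["hits"] >= min_distinct_ratio:
            out.append((ip, agent, s["hits"], len(s["paths"]), s["buster"]))
    return sorted(out, key=lambda r: r[2], reverse=True)

def _line(ip, target, agent):
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512 "-" "{agent}"'

# Constructed sample: one crawl-like client and one ordinary visitor.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"/dir{i}/file{i}.php", "ExampleCrawler/1.0") for i in range(6)]
    + [_line("203.0.113.7", f"/images/g{i}.png?Buster={i}", "ExampleCrawler/1.0") for i in range(2)]
    + [_line("198.51.100.20", "/index.php", "Mozilla/5.0")] * 4
    + [_line("198.51.100.20", "/status.php", "Mozilla/5.0")] * 2
)

if __name__ == "__main__":
    for row in suspects(summarize(SAMPLE_LOG)):
        print(row)  # (ip, agent, hits, distinct paths, Buster= hits)
```

On a real log, pass the open file object to `summarize()` and raise `min_hits` to suit the site's normal traffic.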

I just tried this one; it seems to block taglist.wd.txt to the Leuven-Template somehow, the curr condition text went away. Saratoga template seems OK.
Just for info.

The first thing I would do is to take off the link to AWStats from the site and change the path to it, as the link has been visible. They may be cool to have but are a security risk to show to everyone.

Re directory listings. There is a reason why the listings are set off as default in any reliable webserver: security. Don’t give the hackers a free lunch by showing all the content of the directories.

[quote author=Bj