On 12/22/2011 02:23 AM, Reindl Harald wrote: > /admin is nothing any skript-kiddie would not try first without > need "robots.txt", and for "good" robots a hint if anything > links on a more or less public document in this folder taht > it should not be found via google.com > > iy i want to PROTECT things then NOT with "please do not read" :-)
/admin might not be something a kiddie wouldn't try out anyway. But this case is quite specific to your setup. Others might have more uncommon directories in the robots.txt which should be flagged. The scanner doesn't know if /admin or /myprivatedocs is something worth to report or not but you know as you know your setup. I think the way to go is in general to make a override of the thread if it doesn't match with your risk assessment. On the other side I agree that robots.txt is not a medium risk but would rather mark it "Low" than "None" for the reason stated above. Christian _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
