What we need is a robots2.txt that defines what users are allowed to access
the robots.txt file.
Problem solved.
On Mon, Dec 10, 2012 at 11:33 PM, Gynvael Coldwind gynv...@coldwind.plwrote:
Hey,
Here is an example:
An admin has a public webservice running with folders containing
This is not a strong argument. When you opt out of marketing companies store
your email on a blacklist. It's necessary.
If the contents is publicly visible then it is not a good place to put such
information you highlight below.
Moreover it only needs to be in robots.txt if its browsable. If
On Mon, Dec 10, 2012 at 3:21 PM, James Lay j...@slave-tothe-box.net wrote:
On 2012-12-10 12:25, Hurgel Bumpf wrote:
Hi list,
i tried to contact google, but as they didn't answer my email, i do
forward this to FD.
This security feature is not cleary a google vulnerability, but
On 10/12/12 19:25, Hurgel Bumpf wrote:
I tried to contact google, but as they didn't answer my email, I do forward
this to FD.
This shouldn't be a discussion about bad practice but the google feature
itself.
I seem to recall that the robots.txt exclusion standard was fairly
common before
On 2012-12-10 12:25, Hurgel Bumpf wrote:
Hi list,
i tried to contact google, but as they didn't answer my email, i do
forward this to FD.
This security feature is not cleary a google vulnerability, but
exposes websites informations that are not really intended to be
public.
'black hack' and hash...
--
-illwill
illw...@illmob.org
http://illmob.org
On 12/10/2012 2:17 PM, tig3rh...@tormail.org wrote:
In Deep Web has created a new online site a few days ago that allows
/From/: Hurgel Bumpf l0rd_lunatic () yahoo com
/Date/: Mon, 10 Dec 2012 19:25:39 + (GMT)
Hi list,
i tried to contact google, but as they didn't answer my email, i do forward
this to FD.
This security feature is
Coldwind is right, u r talking about security through obscurity.
If u tell a pentester that u r using joomla and php together, he/she
will try yourwebsite.com/administrator
Since if u r ignorant and havent blocked access to it, your joomla
access page will show up and hydra/brutus will be able
If I understand the OP correctly, he is not stating that listing something
in robots.txt would make it inaccessible, but rather that Google indexes
the robots.txt files themselves, and makes the contexts of those available
for query. So, in a way, they make it easier for Google search results
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2585-1 secur...@debian.org
http://www.debian.org/security/
December 11, 2012
Is this the case even when there is an entry in robots.txt for robots.txt
Philip Whitehouse
On 11 Dec 2012, at 12:22, Ulisses Montenegro ulisses.montene...@gmail.com
wrote:
If I understand the OP correctly, he is not stating that listing something in
robots.txt would make it inaccessible,
If I understand the OP correctly, he is not stating that listing something
in robots.txt would make it inaccessible, but rather that Google indexes
the robots.txt files themselves,
snipped
Well, um, yeah - I got that.
So you are what, proposing that moving an open door back a few
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2586-1 secur...@debian.org
http://www.debian.org/security/
December 11, 2012
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2587-1 secur...@debian.org
http://www.debian.org/security/
December 11, 2012
I think we can all agree this is not a vulnerability. Still, I have yet to
see an argument saying why what the OP is proposing is a bad idea. It may
be a good idea to stop indexing robots.txt to mitigate the faults of lazy
or incompetent admins (Google already does this for many specific search
On Tue, Dec 11, 2012 at 4:11 PM, Mario Vilas mvi...@gmail.com wrote:
I think we can all agree this is not a vulnerability. Still, I have yet to
see an argument saying why what the OP is proposing is a bad idea. It may be
a good idea to stop indexing robots.txt to mitigate the faults of lazy or
Hi guys,
thank you for your valuable feedback.
The question was raised, what prevents somebody to build a script to scan for
the robots.txt manually. Seriously, let's call it just common sense. The time
and effort invested does not pay off very well.
This is why google is very useful in that
If you ask me, it's a stupid idea. :)
I prefer to know where I am with a service; and (IMHO) I would prefer to
query (occasionally) Google for my CC instead of waiting for someone to
start taking funds off it.
Hiding it only provides a false sense of security - it will last until
someone finds
On Tue, Dec 11, 2012 at 5:53 PM, Christian Sciberras uuf6...@gmail.com wrote:
If you ask me, it's a stupid idea. :)
I prefer to know where I am with a service; and (IMHO) I would prefer to
query (occasionally) Google for my CC instead of waiting for someone to
start taking funds off it.
On Tue, Dec 11, 2012 at 5:58 PM, Christian Sciberras uuf6...@gmail.com wrote:
John (Cartwright),
It is quite annoying to have a volley of bounce mail form
non-existent/(re)moved mailboxes.
Can't we somehow limit this? I recall in other newsgroups software, several
bounced(reply) emails to
We found this Security Issue real long time ago and used it by
ourself to find hidden pages.
The only thing you could do, is to harden the directory for Crawlers
with Mod_Rewrite or in the index.(php|pl|py|asp|etc) itself when you
check the Browser String. If it doesn´t contain somethin
21 matches
Mail list logo