HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 41 guests and 1 member online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Website Indexing
EH-Net
May 24, 2012, 05:00:56 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Website Indexing  (Read 3754 times)
0 Members and 2 Guests are viewing this topic.
curioustester
Newbie
*
Offline Offline

Posts: 1


View Profile
« on: May 21, 2008, 12:21:12 PM »
Hi,

I was going through IIS logs and and trying to figure out how hackers from the internet where able able find a directory/file that was hidden through obscurity.  I ran sensepost against the website and it indicates that the directories/site is not indexable.  So how did they find it.  The names were extremely uncommon. 

A friend with a great deal of experience tells me the indexing of website cannot be turned off and is part of the w3 standard. 

Any insight would be really appreciated.  I am really trying to figure out how this want found.  Thanks.
Logged
BillV
Hero Member
*****
Offline Offline

Posts: 1830


View Profile WWW
« Reply #1 on: May 21, 2008, 01:45:24 PM »
What do your logs show thus far?

Are there a bunch of requests like they were scanning for uncommon files?

GET /weirdname.htm
GET /weirdname2.htm
etc.

Was it simply accessed directly without any pre-attacks? Could it have been an inside job? Are there links anywhere on any of your pages that lead to these sites?
Logged
jimbob
Guest
« Reply #2 on: May 21, 2008, 04:55:22 PM »
Quote from: curioustester on May 21, 2008, 12:21:12 PM
A friend with a great deal of experience tells me the indexing of website cannot be turned off and is part of the w3 standard. 

Indexing can be turned off, there is no standard to my knowledge which dictates that directory indexing must be enabled. Security by obscurity provides little in the way of protection.

If someone has accessed these 'hidden' files perhaps they knew the correct URL in the first place. Does the attacker try to guess the URL or do they go straight there?

Jimbob
Logged
geekyone
Full Member
***
Offline Offline

Posts: 177



View Profile
« Reply #3 on: May 21, 2008, 06:43:09 PM »
Do you have the directory/file hidden from indexing using the robots.txt file?  Maybe they tried all the directories listed there?
Logged
CISSP, CEH, GPEN, GCIH, GCFA
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.268 seconds with 21 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.