HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 45 guests and 1 member online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Website Indexing
Ethical Hacker Community Forums
December 01, 2008, 10:51:48 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Website Indexing  (Read 1483 times)
0 Members and 1 Guest are viewing this topic.
curioustester
Newbie
*
Offline Offline

Posts: 1


View Profile
« on: May 21, 2008, 12:21:12 PM »
Hi,

I was going through IIS logs and and trying to figure out how hackers from the internet where able able find a directory/file that was hidden through obscurity.  I ran sensepost against the website and it indicates that the directories/site is not indexable.  So how did they find it.  The names were extremely uncommon. 

A friend with a great deal of experience tells me the indexing of website cannot be turned off and is part of the w3 standard. 

Any insight would be really appreciated.  I am really trying to figure out how this want found.  Thanks.
Logged
BillV
Hero Member
*****
Offline Offline

Posts: 868


View Profile
« Reply #1 on: May 21, 2008, 01:45:24 PM »
What do your logs show thus far?

Are there a bunch of requests like they were scanning for uncommon files?

GET /weirdname.htm
GET /weirdname2.htm
etc.

Was it simply accessed directly without any pre-attacks? Could it have been an inside job? Are there links anywhere on any of your pages that lead to these sites?
Logged
jimbob
Sr. Member
****
Offline Offline

Posts: 313



View Profile WWW
« Reply #2 on: May 21, 2008, 04:55:22 PM »
Quote from: curioustester on May 21, 2008, 12:21:12 PM
A friend with a great deal of experience tells me the indexing of website cannot be turned off and is part of the w3 standard. 

Indexing can be turned off, there is no standard to my knowledge which dictates that directory indexing must be enabled. Security by obscurity provides little in the way of protection.

If someone has accessed these 'hidden' files perhaps they knew the correct URL in the first place. Does the attacker try to guess the URL or do they go straight there?

Jimbob
Logged
geekyone
Full Member
***
Offline Offline

Posts: 123



View Profile
« Reply #3 on: May 21, 2008, 06:43:09 PM »
Do you have the directory/file hidden from indexing using the robots.txt file?  Maybe they tried all the directories listed there?
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.033 seconds with 22 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
During the most recent election, I:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.