Every once in a while, someone will come along and try to snoop through your web directory. What they’re looking for varies, but most times, you don’t want them snooping. After all, if you wanted them to find it, you would have put it on your site for them somewhere or linked to it. I’m going to show you how to stop the snoops. (If you’re wondering about the “retards” thing, keep reading.)
What is this “snooping” and how is it done?
The concept is simple. Check out this live example. Suppose you stumble across this image of kittens:
http://unseeable.nfshost.com/kittens/100_0385.jpg
AWWWW. Being a huge softie for kittens (like me), you decide you want to snoop around for more images, so you right click on the image on whatever web site it’s on and choose “Properties” to see the image URL. Then you type or copy that image URL to a new browser window or tab and remove the file name like this:
http://unseeable.nfshost.com/kittens/
Jackpot! That’s a wide open directory of images! Now imagine they’re YOUR images. Now imagine they’re something you don’t want the whole world to see, but just people you give specific URLs to. Get the idea?
No Way! I want to block those snoops!
That’s easy enough. Ultimately, the easiest way to do this is to just put a blank index.php or index.htm page in the directory. If you do that, the snoop gets that default page instead of a listing of images. This has been done in a number of humorous ways over the years, but I found one of the funniest today when I was snooping around on Caveman Conclusion. I wanted to poke through his images and was using his site as a guinea pig for a somewhat related project I’m working on, so I tried viewing http://www.cavemanconclusion.com/wp-content/uploads/2008/01/. Instead of an index of files, I got this:

No matter what you type in, it tells you that you are a retard. It’s not very P.C., but it’s damned funny.
Even if you do this, it won’t protect you from my image snoop tool, so name your images creatively, or better yet, keep those private images off the web.
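The blank-index fix described above, as an added example that is not part of the original post: a shell script that walks a web root, lists every directory with no index file, and can drop an empty index.htm into each one. The function names, the `list`/`fix` arguments and the set of index file names checked are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. INDEX_NAMES, list_unindexed and add_blank_index are
# hypothetical names chosen for this sketch, not part of any tool.
# Assumes directory names do not contain newlines.
INDEX_NAMES="index.php index.htm index.html"

# Print every directory under $1 (including $1 itself) that holds
# none of the index files named above.
list_unindexed() {
    find "$1" -type d | while IFS= read -r dir; do
        found=0
        for name in $INDEX_NAMES; do
            if [ -e "$dir/$name" ]; then
                found=1
            fi
        done
        if [ "$found" -eq 0 ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Create an empty index.htm in each directory reported by list_unindexed,
# so a request for the directory returns a blank page, not a file listing.
add_blank_index() {
    list_unindexed "$1" | while IFS= read -r dir; do
        : > "$dir/index.htm"
        printf 'created %s/index.htm\n' "$dir"
    done
}

# Usage: sh blank-index.sh list /path/to/webroot   (report only)
#        sh blank-index.sh fix  /path/to/webroot   (create the files)
case "${1:-}" in
    list) list_unindexed "$2" ;;
    fix)  add_blank_index "$2" ;;
esac
```

Directories created later (a new month's upload folder, for example) are not covered until the script is run again.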

on January 5th, 2008 at 9:24 pm
It’s amazing how many holes people leave in their sites. I have searched for issues I have found on my site before, such as error messages, and found major sites with the same issues that have been in that condition for a while. I used to email site owners, but I run into way too many anymore.
on January 5th, 2008 at 11:34 pm
That is funny! I use Adsense on my 404 page :)
on January 6th, 2008 at 2:17 am
Stephan: I know what you mean… There’s more and more people with websites and blogs who don’t know much about computers, so they lack the knowledge to make their blogs and sites secure.
on January 6th, 2008 at 2:18 am
LiveCrunch: Good idea. I had a typo domain that just had online casino ads on it and it paid my rent for a couple months.
on January 6th, 2008 at 7:24 am
I love the Caveman.
Do you sell your services to go to a website (like, say, MINE) to see if there are any ‘retard’ holes in it? Because I’m a total internet retard…I bought a blog platform from typepad and just type on it basically…and although I have nothing private on there, it would be nice to know it wasn’t some kind of wide open cream pie victim site!
on January 6th, 2008 at 9:41 am
Joe,
Maybe it is just me but your blog seems to be broken. For instance, clicking on “Contact” doesn’t bring up the contact page, instead it brings up the home page with the contact link in the navigation toolbar. Same thing for “Next Page” etc. Just a little heads up. Was going to send you a message using the Contact page but well you can see my issue. :)
on January 6th, 2008 at 1:28 pm
Karen: I’ll take a look. Being on a hosted blog, you’re probably OK, but I’ll let you know if I find anything.
on January 6th, 2008 at 1:29 pm
Susan: I don’t know what happened there. I’m shopping for a new server, and I’ll be looking at some of the quirky things this site does when I move it. Thanks for the heads up. It seems OK now.
on January 6th, 2008 at 2:32 pm
Awww s*it. More stuff I gotta worry about? Where do I put this blank file? In the same directory as the pictures?
on January 6th, 2008 at 3:21 pm
Simple Mindz: Any directory that does not already have an index file in it should get a blank index file (or one with something funny like Caveman did). This is only needed if directory listing is turned on, but it’s good to make a habit of it anyway. To see if directory listing is turned on, just head to the directory in a web browser. If you get a “403” error, you’re fine. If you see all your files, you have directory listing on.
on January 6th, 2008 at 7:39 pm
Thanks Joe. Think I fixed it. When/if you get a chance, can you check mine out. Think I got all bases covered!
on January 6th, 2008 at 11:07 pm
Good information to know! Luckily, I don’t put anything up that I don’t want people to see ;)
BTW, the un-PC stuff is always the funniest to me… my brother is retarded so I’m allowed to say retard, right?
on January 7th, 2008 at 5:30 am
Mary: I don’t know about the PC stuff. Really, I guess it’s a matter of individual perspective.
on January 11th, 2008 at 1:01 pm
Whoa!! What a trip!!! Wish I was more PC savvy!!!