Big Casino meaning Jimmy Eat World,Y777 jili register download.REGISTER NOW GET FREE 888 PESOS REWARDS!

martytdx
(@martytdx)

18 years, 5 months ago

Has anyone seen this?

https://www.google.com/codesearch?q=+file:wp-config.php+username&start=20&sa=N

basically, if you do a search for file:wp-config.php username, you can get returned files (mostly from zipped backups) that reveal the username and passwords of some WordPress users – or at least it appears that way. If valid, what are the methods to block this from happening?

Viewing 5 replies - 1 through 5 (of 5 total)

whooami
(@whooami)

18 years, 5 months ago

yes its been discussed already..

dont want to see your files on google, dont save your backups to a publically accessable directory?

backups arent meant to be kept on the server anyway, that defeats the purpose of a backup, after all. server dies, backup dies. backups are meant to be downloaded and then deleted off the web space.

its common sense actually.

Thread Starter martytdx
(@martytdx)

18 years, 5 months ago

True, but how many people use things like CPanel or similar things that can create automatic backups … and which end up on the same server simply because they don’t know better? Those are the people that will end up having their blogs at risk.

whooami
(@whooami)

18 years, 5 months ago

umm, oke and?

Rather than blather on first about I happen to feel that experience isnt an excuse, nor is this a WP specific issue (its already been mentioned on 2 other sites).

Ill address your question (again) first:

If valid, what are the methods to block this from happening?

Dont allow backups to sit in publically accessable directories.

—

Why is that the answer and not something like a robots.txt block on google?

1. Because the people that dont get that those files are publically accessable, wont get what a robots.txt is for any better.

2. Because creating a robots.txt file might actually be more work than not leaving the file(s) on the server.

Its an unfortunate fact that often times Internet life mimics real life — by that I mean that people that cross the street before looking both ways might get by a car. The same holds true on the ‘net — inexperience, NOT educating yourself, etc.. are not excuses..

Philosophically speaking, we could all do without some of the more stubbornly ignorant web masters that exist right now. It would prolly make the ‘net a safer place for those of us left behind.

——–

Besides, youve actually minimized the problem some, as the current practice among most hosts is to assign the same username/passwd combo to everything, ftp, mysql, etc.. So its not just a blog that is at risk, it might be everything.

Ive always said, “Google knows all”

Thread Starter martytdx
(@martytdx)

18 years, 5 months ago

LOL … I agree, ignorance is NOT an excuse, and Google is only doing what Google does – providing the tools. How people use them is a whole other story. Thanks for the reply – well thought out and right to the point.

whooami
(@whooami)

18 years, 5 months ago

oh, and i got to thinking.. the default option in cpanel does not save backups to web accessable dirs. Theyre saved to your “home” directory which is typically above web_root

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘wp-config files showing in Google Code Search’ is closed to new replies.

wp-config files showing in Google Code Search

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics