robots.txt.advisory

robots.txt.advisory: Posted Feb 1, 2000; Authored by Neeko; Sometimes administrators put directories in robots.txt that they want to hide from the search engines, without securing the directory. Sometimes the directories in robots.txt have interesting things in them.; tags | paper; SHA-256 | 8cd25df885343c07873c734d6dff7a63f38d84a3bfe29d8a677a4592abd2db5d; Download | Favorite | View

robots.txt.advisory

                                           _
                           _ __   ___  ___| | _____
                          | '_ \ / _ \/ _ \ |/ / _ \
                          | | | |  __/  __/   < (_) |
                          |_| |_|\___|\___|_|\_\___/
                                                 _
                  _ __  _ __ ___  ___  ___ _ __ | |_ ___
                 | '_ \| '__/ _ \/ __|/ _ \ '_ \| __/ __|
                 | |_) | | |  __/\__ \  __/ | | | |_\__ \_ _ _
                 | .__/|_|  \___||___/\___|_| |_|\__|___(_|_|_)
                 |_|

    [This document best viewed at 80x25-- *cough* lynx]

[The Problem]-------------------|
The various coders of webspiders(robots) created a sort of "standard",
many webservers will contain a /robots.txt (http://example.com/robots.txt)...
In it are defined a list of directories a spider should not access.
Well, although not a problem within itself, lazy admins may add otherwise
unprotected directories to robots.txt believing noone would stumble across
them.  (ie. your favorite porn site.)

[Vulnerability Level]-------------------|
Not horribly high, it's more of a "you can find wierd shit scanning for
robots.txt" kind of problem than a script kiddie rootshell.com issue.
You _will_ find some wierd things if you look...

[What to do]-------------------|
Admins: Make sure all the directories you don't want accessed by random
surfers are .htaccess'd (or the equivalent).
Kids: Modify some of those lame cgi-bin scanners and see if you can find a 
few of the "Reporters and Stock holders Only" sections I've found.
(More harmless than rooting boxes, right?)

[Oops!  I'm sorry]-------------------|
I've been sitting on this for ages for several reasons,
for one, I'm lazy.  And the other (much more acceptable) reason would be
that I thought it to be rather common knowledge...

[References]
Only one,
   Linkname: A Standard for Robot Exclusion
   URL: http://info.webcrawler.com/mak/projects/robots/norobots.html
More information on the format of robots.txt, etc.

   [[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[[]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]

            Another (quality?) advisory from neeko. 
            Contact me at: neeko@mc2.nu
  Chill with some poetry.... http://www.angelfire.com/ca/optik9/poems.html

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 63 files
Debian 34 files
Gentoo 32 files
LiquidWorm 10 files
malvuln 7 files
nu11secur1ty 7 files
Ahmet Umit Bayram 4 files
Adam Gowdiak 4 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,038)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,583)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,746)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,492)
UNIX (9,397)
UnixWare (187)
Windows (6,657)
Other

robots.txt.advisory

robots.txt.advisory

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

robots.txt.advisory

Share This

robots.txt.advisory

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems