I was looking at the stats for mimor.be and I was a bit surprised to see these easy attempts to compromise data from the website.
There were several 404 errors returned on files with names such as:
- /packet.mdb
- /wwwroot.zip
- /shop.rar
- /shop.zip
- /site.rar
- /web.rar
- /web.zip
- /www.zip
- /www.rar
- /tomdb.mdb
- /shop.mdb
- /shoes.rar
- /wwwroot.rar
- /HSH.mdb
- /site.zip
- /HYTop.mdb
The fact that some people put effort & time into such web-crawling means that it gets them results.
So folks, please stop putting database files & backup files in your publicly accessible folders! This is the only remedy against such “attacks”.
Whilst I’m on web-security, let me remind you of some other dangerous things when hosting a website:
- Use SFTP instead of FTP! (FTP sends data & passwords unencrypted over the big bad Internet).
- Do not use password-protected directories on Microsoft IIS servers.
- Manage database and web/FTP users on a strict basis (unused logins should be removed).
- Keep an eye on the log-files of the server.
- If you don’t know how to program, first learn it!
- Be careful when installing plug-ins/scripts from someone else. First review the code and user comments on it!
- Remove unused packages/software/scripts from the server; they might form a major security leak.
- Do not put passwords and other personal data on free webhosting spaces.
- Be careful what tools you use. Some, such as FileZilla, store usernames, passwords and other valuable credentials in an XML file (clear text) in an unencrypted directory.
- etc …
These are security issues that are very common, as most people tend to think that safe hosting/code is enough to secure a website.
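
To go with the 404 list above and the advice to watch the server logs, here is an added example (not part of the original post): a Python script that reads access-log lines in Common/Combined Log Format, groups requests for database or archive files per client, and separates harmless 404 probes from requests the server actually answered. The sample log lines, the IP addresses, the extra extensions and the `min_paths` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# .mdb/.zip/.rar come from the probed names in the post; the other
# extensions are an assumption (common backup formats), adjust as needed.
RISKY_EXT = (".mdb", ".zip", ".rar", ".sql", ".bak", ".7z", ".gz")

# ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def risky(path):
    """True if the path (query string ignored) ends in a risky extension."""
    return path.split("?", 1)[0].lower().endswith(RISKY_EXT)

def analyse(lines):
    """Return (probes, served).
    probes: ip -> set of risky paths that did NOT get a 2xx answer
    served: list of (ip, path) where a risky file was actually delivered"""
    probes, served = defaultdict(set), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not risky(m["path"]):
            continue
        if m["status"].startswith("2"):
            served.append((m["ip"], m["path"]))   # a real leak: act on this first
        else:
            probes[m["ip"]].add(m["path"])
    return dict(probes), served

def scanners(probes, min_paths=3):
    """Clients that tried at least min_paths different risky file names."""
    return sorted(ip for ip, paths in probes.items() if len(paths) >= min_paths)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:01:02 +0100] "GET /wwwroot.zip HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:01:03 +0100] "GET /shop.mdb HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:01:04 +0100] "GET /WEB.RAR?x=1 HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0100] "GET /index.php HTTP/1.1" 200 4096 "-" "-"',
    '198.51.100.20 - - [01/Jan/2024:10:03:00 +0100] "GET /backup/site.zip HTTP/1.1" 200 1048576 "-" "-"',
]

if __name__ == "__main__":
    probes, served = analyse(SAMPLE)
    for ip, path in served:
        print(f"SERVED  {ip} downloaded {path} - remove it from the web root")
    for ip in scanners(probes):
        print(f"SCANNER {ip} probed {len(probes[ip])} backup/database names")
```

Any `SERVED` line means a backup or database file is sitting in a publicly accessible folder and has already been fetched, which is exactly the case the post warns about.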