homepage Welcome to WebmasterWorld Guest from 54.234.0.85
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Block FlashGet Site Explorer (spying your webserver directories)
spying your webserver directories
robertico

5+ Year Member



 
Msg#: 4444 posted 11:20 am on Aug 25, 2005 (gmt 0)

The download manager FlashGet (former JetCar) has a feature called "Site Explorer".

With "Site Explorer" you can browse through the directories of your web server (Apache).

FlashGet's "Site Explorer" fakes a Windows 98 system with IE
"GET / HTTP/1.1" 200 20385 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"

With "Site Explorer" and the download manager FlashGet you can download everything that's displayed in "Site Explorer" (images, php-files etc)

From the manual:
The Site Explorer lets you explore FTP or HTTP servers. The site explorer acts much like a Windows Explorer.

Quick Info:
Just type in a URL into the address bar to start browsing!
Double-click any files to download them (or open the directory).

What can we do to prevent this. Some directories must have read rights to operate.

Regards,

Robertico

[edited by: jdMorgan at 8:28 pm (utc) on Aug. 25, 2005]
[edit reason] removed URL per TOS. [/edit]

 

Xuefer

10+ Year Member



 
Msg#: 4444 posted 11:27 am on Aug 25, 2005 (gmt 0)

ban "MSIE 5.00"

Leosghost

WebmasterWorld Senior Member leosghost us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4444 posted 11:30 am on Aug 25, 2005 (gmt 0)

Spammy here today isn't it ...

robertico

5+ Year Member



 
Msg#: 4444 posted 11:32 am on Aug 25, 2005 (gmt 0)

What about normal users with "MSIE 5.00"

robertico

5+ Year Member



 
Msg#: 4444 posted 11:38 am on Aug 25, 2005 (gmt 0)

It's a serious question and has nothing to do with spam.
I give as much information as possible so you can see it's true.
I really appreciate a solution. I already tried Options -Indexes, but that doesn't work.

DanA

10+ Year Member



 
Msg#: 4444 posted 12:45 pm on Aug 25, 2005 (gmt 0)

When you have index.html (or default.html or index.htm ...) in each (sub-)directory, then a 404 error redirection in .htaccess, the listing of files doesn't show and the user can only download the files he knows about.

Leosghost

WebmasterWorld Senior Member leosghost us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4444 posted 12:57 pm on Aug 25, 2005 (gmt 0)

It's a serious question and has nothing to do with spam.

Should n't have linked to it then ..please read the tos before posting ..especially when asking for help ...

the post reads like a precis of their press handouts ..

robertico

5+ Year Member



 
Msg#: 4444 posted 1:08 pm on Aug 25, 2005 (gmt 0)

[Leosghost]
Sorry about that. I posted the link only for completeness, so that you can try it yourself.

[DanA]
I have a html file in each directory.
With a "normal" brower you are right, but FlashGet "Site Explorer" shows a directory listing even when there's an index.html (or what ever) in that directory.
Only password protected directories are not accessible (not hidden!)

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4444 posted 8:33 pm on Aug 25, 2005 (gmt 0)

Robertico,

If a client cannot be effectively blocked by IP address or by user-agent, then it can often be blocked behaviourally. Two useful scripts have been posted here, one of which uses a honeypot approach, and the other which uses a rate-of-requests detection approach. I would think that either of them would be able to stop this client. See [webmasterworld.com...] message #9.

Jim

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved