[wp-hackers] Google Code Search vs WordPress
Kirk Montgomery
clarke1866 at gmail.com
Fri Oct 6 03:12:34 GMT 2006
Google finds things if you use the Google Toolbar, even if nothing
links to it on the web. Don't think something can't be found simply
because no one has carved a path to it.
On 10/5/06, Dave W <dabbaking at gmail.com> wrote:
> It looks like it's not parsing the file on the server. It looks like a lot
> of people left the zip or tarball on the server with the config file in it.
> It's parsing the archive with the file in it.
>
> On 10/5/06, Ryan Duff <ryan at ryanduff.net> wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Bas Bosman wrote:
> > > Hi All,
> > >
> > > I just saw this come by on IRC:
> > >
> > http://www.litwc.com/2006/10/05/google-presents-code-search-and-its-threat-to-wordpress-security/
> > >
> > > Although people leaving their backups on their server isn't really
> > > WordPress' fault, I think we can expect to hear more from this.
> > >
> > > Kind regards,
> > > Bas Bosman (Nazgul)
> > >
> >
> >
> > Google's Spider will only find things that are linked to (thus, the name
> > spider). So, unless you're making a public repository of your database
> > backups and creating a link to that folder from your website you should
> > be safe.
> >
> > I can't speak for how its set up now, but I would imagine it would put
> > them in some directory outside of your web root or one where the
> > directory listing is denied to a browser via .htaccess. The latter is
> > most likely the case.
> >
> > - --
> > Ryan Duff
> > http://ryanduff.net
> > AIM: ryancduff
> > irc.freenode.net #wordpress #plogger
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.3 (Darwin)
> >
> > iD8DBQFFJZI6GRpzWYYIHQ4RApIYAJwMe/7kGK8pQg/oMObm3NdJ77xE4ACgl6QQ
> > Axk0+INzYqbaLcGrk/UxhDk=
> > =xHeh
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>
>
>
> --
> Dave W
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list