Comments on: How To Find Unprotected Website Directories & Get “Interesting” Files

By: LG

LG — Thu, 17 Sep 2009 20:39:38 +0000

I stumbled on this article looking for something else, and IMO it’s good ‘need-to-know’ info for any admin wanting to protect their directories. Thanks for this heads-up.

By: Eslopy Franklin

Eslopy Franklin — Tue, 11 Aug 2009 14:46:38 +0000

Nice Work Bro Continue The Good Work…

By: kmc212

kmc212 — Sun, 19 Apr 2009 15:21:11 +0000

“site:apple.com index of” results

http://www.google.com/search?q=site:apple.com+index+of&hl=en&safe=off&start=0&sa=N

By: kmc212

kmc212 — Sun, 19 Apr 2009 15:19:15 +0000

You can take it a step further by using the “site:” Web site search.

Type the following into the Google search field:

site:apple.com index of

look at the results. cool

By: wut

wut — Thu, 16 Apr 2009 22:28:55 +0000

I do not think this kind of open access is stealing- The parallel that was mentioned regarding stealing from an unlocked car is invalid.

I actually DID have something taken from my car before. That’s something entirely different because well- I don’t have that thing anymore- It was TAKEN.

If someone looks at a file, the owner would still have it. The more accurate parallel would be that if you leave your living room drapes WIDE OPEN (which a lot of people actually do) and someone driving past in a car on the street takes a brief look out of idle curiosity (hey, to see what the house owners are watching on TV… since the drapes are WIDE OPEN)

Even if this touches a gray area I think people are making it a bigger deal then it is. For example, would ANYONE leave their bank records in their own websites, even if they did bother put in an index.htm?

By: flink

flink — Thu, 16 Apr 2009 10:18:42 +0000

It’s much easier for most users to simply drop an index.htm or index.html file in that directory.

Alternatively, Apache’s config allows you to forbid directory scans.

By: Willblogforfood

Willblogforfood — Wed, 15 Apr 2009 04:44:24 +0000

If they didn’t want people in their directories they would protect them. This is a great article and it allows people to use Google to search for types of files they would be intersted in. It is perfectly acceptable to look at these files and teach people how to access them. For all you nay sayers you might not want to visit websites anymore on Google because the site owner might not want you on it. Files in directories are no different than websites and are out on the net for the public to view

By: Guy McDowell

Guy McDowell — Wed, 15 Apr 2009 00:31:55 +0000

Anybody with unprotected directories might want to look into .htaccess and how to use it to protect those directories. Just Google .htaccess.

By: penetrarthur

penetrarthur — Tue, 14 Apr 2009 19:05:07 +0000

This article would be okey if it wasn’t about “HOW TO HAX THE INTERNETS”, but about “how to improve your searching skills” or “how to google for more results”. You don’t have to change the body of the article, just the title.

By: JK the Fifth

JK the Fifth — Tue, 14 Apr 2009 16:57:57 +0000

Well I must say that this article was interesting and I am definitely going to try it ( just to test it ).

But this article should have been more like “how to protect your website directories by not being stupid and making an index file” ,or something like that.

And to all the other “commenters” : Its not that big of an issue, and I think most of MUO readers are smart and sensible enough to not use this trick to breach others’ privacy just for fun.

And unless this article reaches digg ( which seems very unlikely ), it is virtually harmless.