[wp-hackers] Google Code Search vs WordPress

Dave W dabbaking at gmail.com
Fri Oct 6 01:36:09 GMT 2006


It looks like it's not parsing the file on the server. It looks like a lot
of people left the zip or tarball on the server with the config file in it.
It's parsing the archive with the file in it.

On 10/5/06, Ryan Duff <ryan at ryanduff.net> wrote:
>
> Bas Bosman wrote:
> > Hi All,
> >
> > I just saw this come by on IRC:
> >
> > http://www.litwc.com/2006/10/05/google-presents-code-search-and-its-threat-to-wordpress-security/
> >
> > Although people leaving their backups on their server isn't really
> > WordPress' fault, I think we can expect to hear more from this.
> >
> > Kind regards,
> > Bas Bosman (Nazgul)
> >
>
>
> Google's Spider will only find things that are linked to (thus, the name
> spider). So, unless you're making a public repository of your database
> backups and creating a link to that folder from your website you should
> be safe.
>
> I can't speak for how it's set up now, but I would imagine it would put
> them in some directory outside of your web root or one where the
> directory listing is denied to a browser via .htaccess. The latter is
> most likely the case.
>
> --
> Ryan Duff
> http://ryanduff.net
> AIM: ryancduff
> irc.freenode.net #wordpress #plogger



-- 
Dave W
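
A defender-side check for the situation described in the message above, added here as an example and not part of the original thread: walk a web root and report zip or tar archives that contain a WordPress config file. The file name `wp-config.php`, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tarfile
import tempfile
import zipfile

CONFIG_NAME = "wp-config.php"  # assumed name of the config file the thread refers to

def archive_members(path):
    """Return the member names of a zip or tar archive, or None if it is not one."""
    try:
        if zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                return zf.namelist()
        if tarfile.is_tarfile(path):
            with tarfile.open(path) as tf:  # default mode detects gz/bz2/xz
                return tf.getnames()
    except (zipfile.BadZipFile, tarfile.TarError, OSError):
        pass  # corrupt or unreadable file: treat as not an archive
    return None

def find_exposed_configs(web_root):
    """Return sorted (archive, member) pairs for archives holding a config file."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            for member in archive_members(full) or []:
                if os.path.basename(member.rstrip("/")) == CONFIG_NAME:
                    hits.append((os.path.relpath(full, web_root), member))
    return sorted(hits)

def build_demo_tree(root):
    """Constructed sample: live config, leftover zip and tarball, harmless zip."""
    with open(os.path.join(root, CONFIG_NAME), "w") as f:
        f.write("<?php // live file: parsed by the server, not served as source\n")
    with zipfile.ZipFile(os.path.join(root, "site-backup.zip"), "w") as zf:
        zf.writestr("wordpress/wp-config.php", "<?php /* constructed sample */")
    with zipfile.ZipFile(os.path.join(root, "theme.zip"), "w") as zf:
        zf.writestr("theme/style.css", "body{}")
    with tarfile.open(os.path.join(root, "old.tar.gz"), "w:gz") as tf:
        tf.add(os.path.join(root, CONFIG_NAME), arcname="blog/wp-config.php")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        for archive, member in find_exposed_configs(root):
            print(f"{archive}: contains {member}")
```

The live `wp-config.php` is not reported, only the archives that carry a copy of it; those are the files to move out of the web root or delete.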

