Tryin' to Steal Your Autoresponder Database
I've noticed in my 404 logs that there were people got to one of my sites by doing a search for "index of /arp3" on Google.
arp3 is short for Autoresponse Plus, a very popular autoresponder script. (Two thumbs up and a bonus booty slap!)
There were over 1,000 results, and I clicked on a few of them to find some "arp3" directories didn't have a default page (ie. index.htm, default.htm, etc.) and the contents of that directory were viewable for all to see.
Luckily, the arp3 scripts and database aren't stored in these directories, but, I suggest y'all go through your stuff and make sure you have an index file or something in there so your individual files, scripts, and graphics aren't exposed to those who have less-than-honest intentions.
| #1. | |
| #2. | |
| #3. | |
| #4. |
Carmen,
Another way to get round this is to turn off directory indexing - the people will just see a page saying:
Forbidden
You don't have permission to access /arp3/ on this server.
Your host should be able to help you do this,
Andy
Posted by: Andrew Peacock on March 30, 2004 02:51 PMHi Andy,
I didn't even realize they did that... checked with my host, and sure enough, if you access a directory w/out an index file, you get that "forbidden" message. Cool!
Thanks for the info!
Posted by: Carmen on April 5, 2004 03:10 PMhttp://www.marketingchick.com/blog/mt-tb.cgi/31
Listed below are links to weblogs that reference 'Tryin' to Steal Your Autoresponder Database' from A Marketing Chick Diary.
