Archive for December, 2006

Is your web server secure or are you unknowingly allowing access to all of your personal files?

Most universities in the United Stated provide server space for students and faculty to use for websites, homework, and various other reasons. While a great practice, it also creates very serious security risk when inexperienced computer users and improperly secured web directories meet. Many students use their personal web space to store resumes, pictures of family, class projects and many other personal items that contain very sensitive information. When the student places these files in an unsecured directory, the files are offered up to anyone who happens to browse the folder. Here is an example of what an unsecured Apache Server directory looks like to someone on the internet who is browsing your personal files after a very simple Google search.

Consider the possible ramifications of a student storing pictures of themselves, their resume including home address, phone number and email address. Those ramifications could very serious in today’s society with online predators.

There are a few different ways to combat the problem of open or unsecured directories but the easiest way is a slight modification to the http.conf file for Apache servers. By default Apache servers display the contents of a directory if the server does not find an index.html or similarly associated file. To make the needed correction webmasters should find a line in the http.conf file that looks very similar to this:

Options Indexes FollowSymLinks Includes

Remove the term Indexes. Save the http.conf file and restart your Apache server.

Now when an internet visitor navigates to a directory that doesn’t have an associated DirectoryIndex file the surfer will get a permission denied error instead of a listing of all the files on the server.

This guy is just good. There isn’t more to say about it than that. Forget how smart he is and what a great show they put on at the dailysearchcast.com, Danny Sullivan is just entertaining to listen to. He doesn’t say Uhh every 15 seconds, he cracks a few jokes, ( Come on, I am geek just like the rest of you, but it is damn hard to make Search Engine Marketing funny) and he keeps his show interesting. Danny Sullivan could easily be somewhere else doing a traditional radio show. That is assuming he wanted to take a pay cut. Check out Danny Sullivan at dailysearchcast.com and Digg Danny Sullivan.

Did everyone get their Google Christmas Card?