robot.txt vs Robot meta tag

 
  • Earl

Posted 16 February 2008 - 05:53 PM #1

Hi,
I recently performed a check on my server with Nessus and got some interesting findings. See the results as they relate to robots.txt.

Synopsis : The remote web server contains a 'robots.txt' file.

Description : The remote host contains a file named 'robots.txt' that is intended to prevent web 'robots' from visiting certain directories in a web site for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them directly or target them for other attacks.

See also : http://www.robotstxt.../exclusion.html

Solution : Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file, and/or adjust the web server's access controls to limit access to sensitive material.

Risk factor : None

Contents of robots.txt :

User-agent: *
Disallow: /classes/
Disallow: /images/
Disallow: /skins/
Disallow: /payments/
Disallow: /image.php
Disallow: /admin.php
Disallow: /store_closed.html

Other references : OSVDB:238


The interesting part is the listing of the admin.php file. While you should rename your admin.php, it would also be a good idea to use robots meta tags.
Earl
Cs-Cart 1.3.5 sp2 | Linux VPS Hosting | MySql 5.0.27 | PHP 5.2.6
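
The review step in the Nessus "Solution" text can be scripted for your own site. This is an added example, not part of the original post or of Nessus: it parses a robots.txt and separates Disallow entries whose names look sensitive from the rest. The function names and the keyword list are assumptions to tune per site; the sample input is the file quoted in the report above.

```python
import re

# Constructed sample: the robots.txt contents quoted in the Nessus report above.
SAMPLE = """\
User-agent: *
Disallow: /classes/
Disallow: /images/
Disallow: /skins/
Disallow: /payments/
Disallow: /image.php
Disallow: /admin.php
Disallow: /store_closed.html
"""

# Assumption: keyword heuristics for "sensitive-looking" paths; tune per site.
SENSITIVE = re.compile(r"admin|payment|login|backup|config|private|secret", re.I)

def parse_disallows(text):
    """Return [(user_agent, path)] for every non-empty Disallow rule."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        field, value = (p.strip() for p in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                          # a new group starts here
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("disallow", "allow"):
            in_rules = True
            if field == "disallow" and value:     # empty Disallow blocks nothing
                rules.extend((a, value) for a in agents or ["*"])
    return rules

def audit(text):
    """Split disclosed paths into ones needing access control and the rest."""
    findings = {"needs_access_control": [], "review": []}
    for _agent, path in parse_disallows(text):
        key = "needs_access_control" if SENSITIVE.search(path) else "review"
        if path not in findings[key]:
            findings[key].append(path)
    return findings

if __name__ == "__main__":
    for bucket, paths in audit(SAMPLE).items():
        print(bucket, paths)
```

Paths in `needs_access_control` are the ones to put behind the web server's access controls, as the report's solution text says; the `review` bucket holds entries that only need a decision about indexing.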