__/ [www.1-script.com] on Thursday 13 October 2005 16:03 \__
> Roy Schestowitz wrote:
>
>> I have just found in my logs a request for one hidden file. That request was
>> /not/ from an IP address that is mine. Made me very worried...
>
>> I then proceeded to reverse DNS lookup and guess what? The Alexa/Amazon/A9
>> toolbars are not only keeping track of traffic, but also retain URLs of
>> pages that you visit and /use/ them, i.e. visit them and maybe crawling
>> them. Knowing that the Web Archive, AKA Time Machine belongs to Alexa, this
>> is scary at the least. These visits from Alexa might include hidden pages
>> that you may have on your fileserver and occasionally access. Handle with
>> care!
>
>> Roy
>
> Hey, Roy!
>
> You thought I sound paranoid when I replied to your "Semantic Searches -
> Knowledge Engines", haven't you? What do you think about the search
> engines vs. privacy case now? ;-)
*smile*
> I guess, the best way to hide a file would be to
>
> #1 get rid of Alexa toolbar
Quite frankly, I only use it for falsified ranks (I won't deny it and I'll
be bluntly honest as I usually am). I do, however, use the Netcraft
toolbar quite heavily (i.e. roll my eyes towards it). It is spying well,
but it provides many valuable facts that complement the page and give some
context. I can't live without it any longer.
> #2 password-protect the directory it's in if you must have it
> Web-accessible
My personal directory (schestowitz.com/RSS) used to be supposedly 'hidden'
rather than password-protected until a year ago (it's almost 3 years of
age). I learned my lesson as people could access my so-called
dashboard/portal by looking at 'History' (public/friends' terminal).
> #3 anything that does not absolutely have to be accessible should be moved
> above the /public_html/ (or your other Web root) folder
Yes, I now use /tmp for sql dumps that the cron jobs take care of. I also
use the top-level directory for data transfers on occasions. I did not use
to do it, which is glaringly dangerous.
> #4 every so often change its location. Make it name and location if you
> feel a bit more paranoid now ;-)
It no longer exists. The reason I noticed Alexa's behaviour is that a 404
had been flagged. It was a good reminder as to why I must check it every so
often.
Regards,
Roy
--
Roy S. Schestowitz | Useless fact: Sharks are immune to cancer
http://Schestowitz.com | SuSE Linux | PGP-Key: 74572E8E
4:45pm up 49 days 4:59, 3 users, load average: 1.25, 0.83, 0.61
http://iuron.com - next generation of search paradigms
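
A log check along the lines discussed in this thread, added here as an example and not part of the original posts: it flags requests for unlinked paths that come from addresses other than the owner's, and keeps 404s because a miss still shows the URL is known elsewhere. The owner network, the watched path prefixes and the log lines are constructed assumptions.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote

# Apache/NCSA combined log format (referer and user agent optional).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

OWNER_NETS = [ip_network("192.0.2.0/28")]     # assumption: the owner's addresses
WATCHED_PREFIXES = ("/private/", "/backup/")  # assumption: unlinked paths

def is_owner(ip):
    """True if ip belongs to one of the owner's networks."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False  # hostname logged instead of an address: not trusted
    return any(addr in net for net in OWNER_NETS)

def unexpected_hits(lines):
    """Return requests for watched paths made from non-owner addresses.

    The status code is recorded but not filtered on: a 404 for a path that
    was never linked is as informative as a 200.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string and decode %xx so "/%62ackup/" is caught too.
        path = unquote(m["path"].split("?", 1)[0])
        if path.startswith(WATCHED_PREFIXES) and not is_owner(m["ip"]):
            hits.append({"ip": m["ip"], "time": m["ts"], "path": path,
                         "status": int(m["status"]), "agent": m["agent"] or ""})
    return hits

# Constructed sample lines (documentation address ranges, invented agents).
SAMPLE_LOG = [
    '192.0.2.5 - - [13/Oct/2005:15:40:01 +0100] "GET /private/dashboard.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [13/Oct/2005:15:52:17 +0100] "GET /private/dashboard.html HTTP/1.0" 404 312 "-" "example-crawler/1.0"',
    '198.51.100.23 - - [13/Oct/2005:15:52:19 +0100] "GET /index.html HTTP/1.0" 200 2048 "-" "example-crawler/1.0"',
    '203.0.113.9 - - [13/Oct/2005:15:58:44 +0100] "GET /%62ackup/site.sql HTTP/1.1" 200 88123 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in unexpected_hits(SAMPLE_LOG):
        print(hit)
```

A reverse DNS lookup on each flagged address, as done in the post above, is the natural next step; it is left out here so the example runs offline.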