Posts Tagged ‘Off-Topic’

Facelift

It’s been a couple of weeks since I finished the final design, and now, after a day or so of coding and fussing with WordPress, it is finally done. Completely rebuilt with widgets (I’ll post my twitter and other such widgets later perhaps) and dynamic everything. Now time for bed.

Index of /wp-content/uploads

Tonight, whilst experimenting with the various advanced Google search techniques (hacks) to locate web content, I had an epiphany. Any web directory/folder that has indexes enabled (show an index of the contents of the folder if no directory index file exists) will list the contents of said directory with the phrase “Index of” followed by the actual root-relative path to the available list of assets. This is due to the fact that the directory/folder does not have an index document/file present, so the web server spits out the entire list of the folder’s content. But I digress.

I have been using WordPress as my blogging platform for a few years now. Before that, I used a hybrid of PHPBB and a custom PHP application I wrote. WordPress works great and has robust features that make blogging a snap for the more technical (such as myself, ehem) and also for the less technical netizens out there. Now, one of these great features is the ability to upload pictures and files (content) through a web interface. What a great concept (this is where the epiphany came in), except if you weren’t planning on listing the contents of your entire uploads folder to the world, which happens to be the case with some (okay, a lot of) default installations of WordPress.

Let’s say you “Google” the “Index of” any WordPress uploads folders (/wp-content/uploads). You don’t have to be a rock scientist (yes, that was a joke) to realize the possible implications. Let me give you an idea of the figure as of tonight: 4,143,000 indexes. That’s 4,143,000 WordPress installations that have directory indexes enabled and are completely wide open to crawlers and spiders that can pilfer (argh) their content.
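As an added example (not part of the original post): a small Python self-check that recognises the auto-generated “Index of /path” page described above and lists what it exposes, so you can verify your own uploads folder isn’t serving a listing. The HTML below is constructed to resemble an Apache autoindex response; no network access is involved.

```python
"""Detect a web server's auto-generated directory listing ("Index of /path")
and list the files it exposes. Added example, not code from the original post.
The sample HTML is constructed; in practice you would feed this the body of a
GET request for your own /wp-content/uploads/ URL.
"""
import re
from html.parser import HTMLParser

# Constructed sample: an Apache-style autoindex page for an uploads folder.
SAMPLE_LISTING = """<html><head><title>Index of /wp-content/uploads/2009/03</title></head>
<body><h1>Index of /wp-content/uploads/2009/03</h1>
<pre><a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<hr><a href="/wp-content/uploads/2009/">Parent Directory</a>
<a href="budget.xls">budget.xls</a>
<a href="family-photo.jpg">family-photo.jpg</a>
<hr></pre></body></html>"""

# Constructed sample: an ordinary page, i.e. what you want to see instead.
SAMPLE_NORMAL = "<html><head><title>My Blog</title></head><body><p>Hello</p></body></html>"

# Autoindex pages carry the root-relative path in the <title>.
TITLE_RE = re.compile(r"<title>\s*Index of (/[^<]*)</title>", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collect href values of every <a> tag in the page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def listed_path(html):
    """Return the root-relative path from an 'Index of' title, else None."""
    m = TITLE_RE.search(html)
    return m.group(1).strip() if m else None


def exposed_files(html):
    """Return file names exposed by an autoindex page (empty if none).
    Sort-column links (?C=...) and the parent-directory link are skipped.
    If this returns anything for your own site, disable listings (for
    Apache: 'Options -Indexes' in .htaccess) or add an index file."""
    if listed_path(html) is None:
        return []
    collector = _LinkCollector()
    collector.feed(html)
    return [h for h in collector.hrefs if not h.startswith(("?", "/"))]
```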

Try it yourself:


When A = B

Somehow Nicole found an old birthday card my dad gave me a couple of years ago. Inside the card was a gift card to Red Lobster worth $25…SWEET! I wanted to make sure there was still a balance remaining, so I called the number provided on the back of the card to check the balance. “Yes, there is $14.25 left on your card.” What? How [the hell] do I have a balance of $14.25 on a $25 gift card that I’ve never used? “Well sir, there are monthly maintenance fees taken after a certain period of time (in this case $1.50 per month over the period of 2 or 3 years).” I’LL SHOW YOU FEES YA THIEF. What a complete joke. Oh, if I had the time and energy to pursue this issue further. Sadly, I don’t, and I have already wasted enough time BaM’ing about it.


Gift card theft