Используйте средства защиты! Соблюдайте гигиену! Избегайте посещения людных мест!

Historical information collectors portal, electronic museum 'ВиФиАй' work-flow-Initiative 16+


Quick Links


Подписка и соц. сети

на обновления сайта



New Materials

Картинка недели

Back to topBack to top
To the end
To the end
Create a personal gallery (section)Create a personal gallery (section)
Create a personal album (with images)Create a personal album (with images)
Create articleCreate article

Site aliases

Evaluation section:
Do not like
Scanner aliases site reveals popular paths are configured as alias,
what it means and what you should pay attention:

The first tool allows the administrator to pay attention \ webmaster of this site to a possible vulnerability example: after the installation site in the root directory was / install it, though not irrelevant to the nicknames, but nevertheless a vulnerability that an administrator can benefit without problems this defect notice.

Imagine that in the standard assembly WEB-server registered alias to access phpmyadmin which will be available for any kind of link: * / phpmyadmin , at all sites running on the server, where in the site root directory  phpmyadmin  course does not exist, and provide access to it all in a row there is no need.

Such alias can simply not notice, especially if the server configuration is spread across multiple files, better yet again to check the entire configuration independently, but will help insure our crawler popular aliases that attackers strive to use for their own selfish purposes.

Scan alias (Alias) website:

  • admin/
  • install/
  • update/
  • phpmyadmin/
  • security/
  • webalizer/
  • contrib/
  • forbidden/
  • restricted/
  • icons/
  • webdav/
  • htaccess/
  • server-status/
  • server-info/
  • manual/
  • error/
  • logs/
  • log/
  • webpath/
  • php/
  • Enter the ip address or hostname of the test
    HTTP/1.1 200 OK:

    Total was defined aliases:2885

    Example configuration alias server APACHE:
    To Hem server directory lies not in the root directory and elsewhere on the disk is necessary. 
    Take advantage of opportunities created Apache alias:
    Alias / test / "C :/ musor / test_www /"  
    Indexes MultiViews options
    AllowOverride None
    Order allow, deny
    Allow from All
    Now with the server will be called http://localhost/test/ not embedded test directory in the root directory of the server and the alias is placed in a place specified in the command to create an alias Alias / test / "C :/ musor / test_www /"

    Related sections:

    Новые альбомы:

    Development page is completed by 0%