olivetalks » security http://www.olivetalks.com The Olive has arrived and it has things to say… Tue, 16 Nov 2010 19:25:45 +0000 http://wordpress.org/?v=2.8.6 en hourly 1 Security problem with WordPress http://www.olivetalks.com/2009/06/07/naked-folders-in-wordpress/ http://www.olivetalks.com/2009/06/07/naked-folders-in-wordpress/#comments Sun, 07 Jun 2009 14:43:48 +0000 ZoltarStark http://www.olivetalks.com/2009/06/07/naked-folders-in-wordpress/ When writing the post Stop your laptop from succumbing to thermal death I wanted to upload a text file which could be downloaded by the readers. The file didn’t have any extension and as such was not accepted by WordPress when I pressed the Upload button.

I decided to upload the file with the File Manager which is accessible from Hostgator’s cpanel. When doing it, I discovered that various folders which belong to olivetalks’s WordPress installation can be easily seen in web browser by editing the URL in the address bar. For example, olivetalks.com/wp-content/uploads/ or olivetalks.com/wp-includes/

Currently these links are already fixed but here’s an image of how this was before:

Content of WordPress uploads folder

Check your own WordPress blog, it’s possible that you will encounter the same issue even if your WordPress installation is not hosted with Hostgator.

Now that I got your attention, here’s a short description of how to fix this problem. In the main folder of your WordPress installation (the one which contains three folders wp-admin, wp-content and wp-includes) find file called .htaccess (dot at the beginning of the name is important). If the file is not there create it (and set the permissions to 0644). In any case edit the file and add this line:

Options -Indexes

This line will tell Apache (the most popular web server) not to show listings of directories. The configuration applies to the folder where the .htaccess file is located and recursively to all its sub-folders.

After updating .htaccess file – if you try any of the problematic folders you’ll see that their content cannot be seen any more:

Content of WordPress uploads folder after correcting the .htaccess file

Now it’s all right :)

Related post(s)

]]> http://www.olivetalks.com/2009/06/07/naked-folders-in-wordpress/feed/ 2 Is your colleague spying on you? http://www.olivetalks.com/2008/06/19/is-your-colleague-spying-on-you/ http://www.olivetalks.com/2008/06/19/is-your-colleague-spying-on-you/#comments Thu, 19 Jun 2008 19:36:42 +0000 ZoltarStark http://www.olivetalks.com/2008/06/19/is-your-colleague-spying-on-you/ Since I’m not a statistician I’m not really sure how reliable are the results of this survey but supposedly most people are being spied upon at work. According to this research one third of IT “professionals” secretly monitor their co-workers (quotes around the word professionals for the obvious reasons). As each of the miscreants snoops on at least a few people the chance of being under this illegal supervision is rather high.

That’s rather shocking to me. I know that as a sysadmin you have access to passwords and privileged accounts but you’re given them for a very specific purpose not just for your amusement. It’s like your GP telling everybody about your sickness.

Since it looks like avoiding the bad sysadmins is going to be difficult, you have to defend yourself. The only sure defense in this case is not to use the computer at work for anything you’d prefer to remain private. You just can’t be sure otherwise. In many organizations IT staff who left may still have access to the company’s network. This increases your exposure even more. Like for example in this organization.

By the way, the research is already over a year old but it looks like it just got picked up by MSNBC and the blogosphere.

Related post(s)

]]> http://www.olivetalks.com/2008/06/19/is-your-colleague-spying-on-you/feed/ 0