LinuxQuestions.org


hack3rcon 12-21-2018 03:03 AM

How to block Dir harvest?
 
Hello.
I just installed Apache on CentOS 7 x86_64 and with a tool like "DirBuster", I can find all directories and files. How can I block it? For example, I created a directory with the name "a" and "DirBuster" found it very fast. Is it because of directory permissions?
Code:

$ ll
total 4
drwxr-xr-x. 2 root root    6 Nov  5 05:17 cgi-bin
drwxr-xr-x. 9 root root 4096 Dec 21 12:20 html

And:
Code:

$ ll
total 228
drwxr-xr-x.  2 root  root      6 Dec 21 12:20 a
-rw-r--r--.  1 root  root    1646 Dec 11 16:22 ca_bundle.crt
-rw-r--r--.  1 root  root    1910 Dec 11 16:22 certificate.crt
-rw-r--r--.  1 apache apache  418 Dec  9 13:00 index.php
-rw-r--r--.  1 apache apache 19935 Dec  9 15:41 license.txt
-rw-r--r--.  1 root  root    1703 Dec 11 16:22 private.key
-rw-r--r--.  1 apache apache  7415 Dec  9 15:41 readme.html
drwxr-xr-x.  2 root  root      66 Dec 11 15:48 sslforfree
-rw-r--r--.  1 root  root    5587 Dec 11 15:01 sslforfree.zip
-rw-r--r--.  1 apache apache  166 Dec  9 13:00 web.config
-rw-r--r--.  1 apache apache  166 Dec  9 13:00 web.config.181209093052.orig
-rw-r--r--.  1 apache apache  5458 Dec  9 13:00 wp-activate.php
drwxr-xr-x.  9 apache apache  4096 Dec  9 15:41 wp-admin
-rw-r--r--.  1 apache apache  364 Dec  9 13:00 wp-blog-header.php
-rw-r--r--.  1 apache apache  1889 Dec  9 13:00 wp-comments-post.php
-rw-r--r--.  1 apache apache  3675 Dec 17 14:26 wp-config.php
-rw-r--r--.  1 apache apache  2853 Dec  9 13:00 wp-config-sample.php
drwxr-xr-x.  8 apache apache  4096 Dec 18 11:29 wp-content
-rw-r--r--.  1 apache apache  3669 Dec  9 13:00 wp-cron.php
drwxr-xr-x. 19 apache apache  8192 Dec  9 15:41 wp-includes
-rw-r--r--.  1 apache apache  2422 Dec  9 13:00 wp-links-opml.php
-rw-r--r--.  1 apache apache  3306 Dec  9 13:00 wp-load.php
-rw-r--r--.  1 apache apache 37286 Dec  9 15:41 wp-login.php
-rw-r--r--.  1 apache apache  8048 Dec  9 13:00 wp-mail.php
-rw-r--r--.  1 apache apache 17421 Dec  9 15:41 wp-settings.php
-rw-r--r--.  1 apache apache 30091 Dec  9 13:00 wp-signup.php
drwxr-xr-x.  2 apache apache    22 Dec  9 13:04 wp-snapshots
-rw-r--r--.  1 apache apache  4620 Dec  9 13:00 wp-trackback.php
-rw-r--r--.  1 apache apache  3065 Dec  9 13:00 xmlrpc.php

I can browse all files and directories by "www.domain.com/a". How can I solve it?

Thank you.

pan64 12-21-2018 03:07 AM

So you installed Apache. Do you know what it is? Do you know how it works? Did you configure it properly? Did you configure it at all? Uninstall it and that will solve your issue.

berndbausch 12-21-2018 03:47 AM

I had not known about Dirbuster, thanks for teaching me something new.

One thing puzzles me, though: How did you find out about it? If you used the internet, why did you not use the internet to find answers to your question?

Search for block dirbuster and be rewarded with pages like this one. And many others.

So, I suggest you use this great resource named “internet” and, if you still have questions, ask them here.

hack3rcon 12-21-2018 03:58 AM

I found something https://serverfault.com/questions/17...-file-w/377330 but it is for a file or directory.

scasey 12-21-2018 09:48 AM

Quote:

Originally Posted by hack3rcon (Post 5939785)
I found something https://serverfault.com/questions/17...-file-w/377330 but it is for a file or directory.

There you go. That's the answer. Please use the thread tools to mark the thread SOLVED

Seriously, search the Apache documentation for Directory Options. See how to use the Indexes option.

sevendogsbsd 12-21-2018 10:36 AM

I use dirbuster every day at work (pen tester). You can't stop dirbuster from finding directories the server is meant to serve. What you CAN stop is the directories from being browsable. Keep in mind that blacklisting tools is useless because many of these can emulate different tools, rendering blacklists moot. Can't remember if dirbuster does this, I never have had to make it appear as something else.
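
The Indexes option that the replies above point to, as an added configuration example that is not part of any post in this thread. It assumes Apache 2.4 as shipped with CentOS 7 and a DocumentRoot of /var/www/html; neither the path nor the original configuration is shown in the thread.

```apache
# Added example, not from the thread. Assumed: Apache 2.4 (CentOS 7 httpd),
# DocumentRoot /var/www/html, main config in /etc/httpd/conf/httpd.conf.

# BEFORE (stock-style block, shown commented out for comparison).
# "Indexes" lets mod_autoindex generate a file listing for any directory
# that has no DirectoryIndex file (index.html, index.php, ...), which is
# why an empty directory such as /a can be browsed.
#
# <Directory "/var/www/html">
#     Options Indexes FollowSymLinks
#     AllowOverride None
#     Require all granted
# </Directory>

# AFTER: listings disabled for the whole document root.
# In Apache 2.4 every option on the line must carry +/- or none may,
# so "-Indexes FollowSymLinks" would be rejected as a syntax error.
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

# Alternative: put "Options -Indexes" in /var/www/html/.htaccess.
# With "AllowOverride None" that file is ignored, so the server config
# must first permit the override, limited to this one option:
#
# <Directory "/var/www/html">
#     AllowOverride Options=Indexes
# </Directory>

# Check and apply:
#   apachectl configtest && systemctl reload httpd
# A request for /a/ then gets 403 Forbidden instead of a listing.
# The 403 still differs from the 404 for a missing path, so a scanner
# can tell that the directory exists; only its contents stop being listed.
```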

hack3rcon 12-22-2018 05:16 AM

Quote:

Originally Posted by berndbausch (Post 5939784)
I had not known about Dirbuster, thanks for teaching me something new.

One thing puzzles me, though: How did you find out about it? If you used the internet, why did you not use the internet to find answers to your question?

Search for block dirbuster and be rewarded with pages like this one. And many others.

So, I suggest you use this great resource named “internet” and, if you still have questions, ask them here.

It is useless.

pan64 12-22-2018 05:33 AM

No, it is not useless. But as usual you need to learn to use it.
As you need to learn how redirection works, how cron works, how apache works, how apt works, how search engines work and a lot of other things. We can't do that for you, I can't give you my experiences.
Believe me, you will [can] progress much faster if you learn. But you know. Your last post itself is completely useless, will not help to solve your issues and does not even give us any information to be able to help you.

https://www.linuxquestions.org/quest...4/#post5938205

berndbausch 12-22-2018 08:18 PM

Quote:

Originally Posted by hack3rcon (Post 5940270)
It is useless.

Most of the questions you ask waste your time (and other people's time, but it's their choice to read them and reply to them). Your questions are so generic that LQ users can only give generic answers, the same answers you would easily find on the internet.

However, the internet also has specific answers, and you are in the unique position to know which specific answer fits your specific problem. I can't know that, because you don't explain your specific problem.

Your comment "it is useless" is such an example. If you say that a given web page is useless, I can't help you. If you say which part of the web page doesn't work for you, I may help. If you say what you tried to do, what was the outcome, and what is the outcome that you desire, I may help.

hack3rcon 12-23-2018 03:37 AM

Quote:

Originally Posted by pan64 (Post 5940272)
No, it is not useless. But as usual you need to learn to use it.
As you need to learn how redirection works, how cron works, how apache works, how apt works, how search engines work and a lot of other things. We can't do that for you, I can't give you my experiences.
Believe me, you will [can] progress much faster if you learn. But you know. Your last post itself is completely useless, will not help to solve your issues and does not even give us any information to be able to help you.

https://www.linuxquestions.org/quest...4/#post5938205

As you see, that thread was posted in "Linux - Newbie". I know that those lines must be added to the .htaccess file.


All times are GMT -5.