Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello.
I just installed Apache on CentOS 7 x86_64 and with a tools like "DirBuster", I can find all directories and files. How can I block it? For example, I created a directory with the name "a" and "DirBuster" found it very fast. Is it because of directory permission?
Code:
$ ll
total 4
drwxr-xr-x. 2 root root 6 Nov 5 05:17 cgi-bin
drwxr-xr-x. 9 root root 4096 Dec 21 12:20 html
And:
Code:
$ ll
total 228
drwxr-xr-x. 2 root root 6 Dec 21 12:20 a
-rw-r--r--. 1 root root 1646 Dec 11 16:22 ca_bundle.crt
-rw-r--r--. 1 root root 1910 Dec 11 16:22 certificate.crt
-rw-r--r--. 1 apache apache 418 Dec 9 13:00 index.php
-rw-r--r--. 1 apache apache 19935 Dec 9 15:41 license.txt
-rw-r--r--. 1 root root 1703 Dec 11 16:22 private.key
-rw-r--r--. 1 apache apache 7415 Dec 9 15:41 readme.html
drwxr-xr-x. 2 root root 66 Dec 11 15:48 sslforfree
-rw-r--r--. 1 root root 5587 Dec 11 15:01 sslforfree.zip
-rw-r--r--. 1 apache apache 166 Dec 9 13:00 web.config
-rw-r--r--. 1 apache apache 166 Dec 9 13:00 web.config.181209093052.orig
-rw-r--r--. 1 apache apache 5458 Dec 9 13:00 wp-activate.php
drwxr-xr-x. 9 apache apache 4096 Dec 9 15:41 wp-admin
-rw-r--r--. 1 apache apache 364 Dec 9 13:00 wp-blog-header.php
-rw-r--r--. 1 apache apache 1889 Dec 9 13:00 wp-comments-post.php
-rw-r--r--. 1 apache apache 3675 Dec 17 14:26 wp-config.php
-rw-r--r--. 1 apache apache 2853 Dec 9 13:00 wp-config-sample.php
drwxr-xr-x. 8 apache apache 4096 Dec 18 11:29 wp-content
-rw-r--r--. 1 apache apache 3669 Dec 9 13:00 wp-cron.php
drwxr-xr-x. 19 apache apache 8192 Dec 9 15:41 wp-includes
-rw-r--r--. 1 apache apache 2422 Dec 9 13:00 wp-links-opml.php
-rw-r--r--. 1 apache apache 3306 Dec 9 13:00 wp-load.php
-rw-r--r--. 1 apache apache 37286 Dec 9 15:41 wp-login.php
-rw-r--r--. 1 apache apache 8048 Dec 9 13:00 wp-mail.php
-rw-r--r--. 1 apache apache 17421 Dec 9 15:41 wp-settings.php
-rw-r--r--. 1 apache apache 30091 Dec 9 13:00 wp-signup.php
drwxr-xr-x. 2 apache apache 22 Dec 9 13:04 wp-snapshots
-rw-r--r--. 1 apache apache 4620 Dec 9 13:00 wp-trackback.php
-rw-r--r--. 1 apache apache 3065 Dec 9 13:00 xmlrpc.php
I can browse all files and directories by "www.domain.com/a". How can I solve it?
So you installed Apache. Do you know what is this? Do you know how does it work? Did you configure it properly? Did you configure it at all? Uninstall it and that will solve your issue.
I had not known about Dirbuster, thanks for teaching me something new.
One thing puzzles me, though: How did you find out about it? If you used the internet, why did you not use the internet to find answers to your question?
Search for block dirbuster and be rewarded with pages like this one. And many others.
So, I suggest you use this great resource named “internet” and, if you still have questions, ask them here.
I use dirbuster every day at work (pen tester). You can't stop dirbuster from finding directories the server is meant to serve. What you CAN stop is the directories from being browsable. Keep in mind that blacklisting tools is useless because many of these can emulate different tools, rending blacklists moot. Can't remember if dirbuster does this, I never have had to make it appear as something else.
I had not known about Dirbuster, thanks for teaching me something new.
One thing puzzles me, though: How did you find out about it? If you used the internet, why did you not use the internet to find answers to your question?
Search for block dirbuster and be rewarded with pages like this one. And many others.
So, I suggest you use this great resource named “internet” and, if you still have questions, ask them here.
no, it is not useless. But as usual you need to learn to use it.
As you need to learn how redirection works, how cron works, how apache works, how apt works, how search engines work and a lot of other things. We can't do that for you, I can't give you my experiences.
Believe me, you will [can] progress much faster if you learn. But you know. Your last post itself is completely useless, will not help to solve your issues and even does not give us any information to be able to help you.
Most of the questions you ask waste your time (and other people's time, but it's their choice to read them and reply to them). Your questions are so generic that LQ users can only give generic answers, the same answers you would easily find on the internet.
However, the internet also has specific answers, and you are in the unique position to know which specific answer fits your specific problem. I can't know that, because you don't explain your specific problem.
Your comment "it is useless" is such an example. If you say that a given web page is useless, I can't help you. If you say which part of the web page doesn't work for you, I may help. If you say what you tried to do, what was the outcome, and what is the outcome that you desire, I may help.
no, it is not useless. But as usual you need to learn to use it.
As you need to learn how redirection works, how cron works, how apache works, how apt works, how search engines work and a lot of other things. We can't do that for you, I can't give you my experiences.
Believe me, you will [can] progress much faster if you learn. But you know. Your last post itself is completely useless, will not help to solve your issues and even does not give us any information to be able to help you.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
How to block Dir harvest?
