LinuxQuestions.org
Old 02-26-2007, 07:12 AM   #1
DaveQB
Member
 
Registered: Oct 2003
Location: Sydney, Australia.
Distribution: Debian, Ubuntu
Posts: 400

Rep: Reputation: 39
Nikto


Nikto seems a great tool to check your Apache install. Only problem is, how do you remedy the issues it raises?

I have managed to work out all apart from this:

Quote:
/robots.txt - contains 1 'disallow' entry which should be manually viewed (added to mutation file lists) (GET).
Anyone know the solution?
 
Old 02-26-2007, 08:03 AM   #2
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Isn't robots.txt a file you can put on your webserver to prevent a bot from actually indexing it? Remember this from an old war game.

Anyway I guess you'd first have to check what exactly you are blocking in the robots.txt file you have on your webserver. You might get a clue on what to do after that. I'm lost on the "mutation file list" though.

Found this though on Google:
Code:
In the case of articles, they can be represented in more than one site. They also look for “content evolution.” In general 65% of web content does not change on a weekly basis. 0.8% will change completely on a weekly basis, such as a news site. They are looking at the “average page mutation” of a URL and a website. If too high, they will filter out the duplicate results.
So from this what I get is this has something to do with making sure that content on your website doesn't get listed elsewhere. The mutation file list is probably something that will inform you if your content is in fact robbed by the "entry" in the robots.txt and put on another site.

I'm just doing some "logical" guesswork here. So if someone finds this illogical or incorrect or knows otherwise please correct me.

Hope I helped though.

Cheers
Arvind
 
Old 02-28-2007, 04:08 AM   #3
jeru
Member
 
Registered: Feb 2003
Location: Arizona
Distribution: Debian Sid
Posts: 57

Rep: Reputation: 15
You don't have to fix everything nikto says something about. A lot of it is informative 'just so you know' kinds of things. It's also not a tool to test your apache install so much as it's a tool to test the content on it. If you want to test apache itself you use nessus (which also does some content testing but is geared more towards the actual services themselves).

It's telling you that you have a disallow entry in your robots.txt to block things like google. If you care, take a look at it and see if that should be blocked, otherwise ignore.
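The manual review suggested above, as an added example that is not part of the original post: a small Python parser that lists every non-empty Disallow path together with the user-agents it applies to, so each entry can be checked against what the site should really be serving. The function name `disallow_entries` and the sample file are constructed for illustration; robots.txt is publicly readable, so any path listed there is visible to every visitor.

```python
# Added example: list the Disallow entries of a robots.txt for manual review.
# SAMPLE_ROBOTS is a constructed sample, not taken from the thread.
SAMPLE_ROBOTS = """\
# constructed sample
User-agent: *
Disallow: /private/   # trailing comment
Disallow:

User-agent: Googlebot
user-agent: Bingbot
DISALLOW: /tmp/
Allow: /tmp/public/
Sitemap: http://www.example.com/sitemap.xml
"""


def disallow_entries(text):
    """Return [(user_agents, path), ...] for every non-empty Disallow line."""
    entries = []
    agents = []        # user-agents of the group currently being read
    in_rules = False   # True once the current group has seen a rule line
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line or ":" not in line:
            continue
        field, value = line.split(":", 1)
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if in_rules:   # a User-agent line after rules starts a new group
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("disallow", "allow"):
            in_rules = True
            if field == "disallow" and value:   # empty Disallow blocks nothing
                entries.append((tuple(agents), value))
    return entries


if __name__ == "__main__":
    for agents, path in disallow_entries(SAMPLE_ROBOTS):
        print(f"{', '.join(agents) or '(no user-agent)'}: {path}")
```

To review a real file, pass the contents of the robots.txt from your own document root to `disallow_entries` instead of the sample.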
 
Old 03-01-2007, 02:46 PM   #4
DaveQB
Member
 
Registered: Oct 2003
Location: Sydney, Australia.
Distribution: Debian, Ubuntu
Posts: 400

Original Poster
Rep: Reputation: 39
Well, it did list about 6 lines of issues, but only had 2 marked with [GET], and in the summary said there were two issues. I assumed 2 issues to be concerned with, so concluded that was one of them.

I haven't run nessus yet.
 
  

