Web Hosting Forum | Lunarpages


Author Topic: sitemaps used for intrusion?  (Read 950 times)
MrPhil
« on: August 12, 2009, 10:03:06 AM »

I am in the process of making some site structural changes. In the cPanel Error Log this morning, I noticed three attempts from an IP address in the Ukraine. They were looking for: .../google_sitemap.xml, .../sitemap.xml, and .../sitemap/. I presume it's not Google, and is someone sniffing around for a way to get in. Anyway, someone finding a standard sitemap for your site is going to get a nice layout of the place (minus anything you excluded). Does anyone know if there are intrusion methods that make use of this knowledge? Should I be concerned enough to not put out standard format sitemaps? Or, as long as I keep anything sensitive out of the sitemap, no harm done?

If nothing else, this should be a wakeup call to be careful about what goes into your sitemaps, and to exclude sensitive areas from automatic sitemap generators, that you don't want indexed. Check your sitemaps, especially if they're generated by some program, to make sure you're excluding anything you don't want indexed -- or broken into.
-= From the ashes shall rise a sooty tern =-
Mitch
« Reply #1 on: August 12, 2009, 11:36:24 AM »

Haven't heard of any issues of it - but my best guess would be to get their own links inside of there.  Since people rarely re-check their sitemap files, could be a good way to get crawled without getting caught.  I'd say as long as your permissions are right on the folder, and you don't have it writable via the general public - should be ok.  Unless a generating script had a flaw in it.

Anyways, yes - I would agree - good idea to check on your site map every so often to make sure all is as it should be.
bryantrv
Guest
« Reply #2 on: August 12, 2009, 01:12:28 PM »

I know I've been playing with the Google sitemap generator on a VPS, and if you are not careful, it will index pretty much everything.
I had to set it up to just index .html and .pdf files.
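
An added example, not part of any post in this thread: a small Python audit for the two concerns raised above, sitemap entries that point at a host other than your own and entries that expose paths or file types you did not mean to list. The host name, the sensitive directory names and the sample sitemap are constructed assumptions; the .html/.pdf allow-list follows Reply #2.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}

# Assumptions for this example; adjust both sets to your own site.
ALLOWED_EXT = {"", ".html", ".pdf"}   # "" covers directory-style URLs
SENSITIVE = {"admin", "backup", "private", "cgi-bin", "tmp"}


def audit_sitemap(xml_text, site_host):
    """Return (url, reason) pairs for sitemap entries that need a human look."""
    findings = []
    root = ET.fromstring(xml_text)
    for loc in root.findall(".//sm:loc", NS):
        url = (loc.text or "").strip()
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        # An entry for someone else's host should never be in your sitemap.
        if host != site_host.lower():
            findings.append((url, "foreign host"))
            continue
        # Any path segment naming an area you did not intend to publish.
        segments = [s.lower() for s in parts.path.split("/") if s]
        if SENSITIVE.intersection(segments):
            findings.append((url, "sensitive path"))
        # File types outside the allow-list (a generator indexing everything).
        ext = posixpath.splitext(parts.path)[1].lower()
        if ext not in ALLOWED_EXT:
            findings.append((url, "unexpected file type"))
    return findings


# Constructed sample sitemap, not taken from any real site.
SAMPLE = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>http://www.example.com/</loc></url>
  <url><loc>http://www.example.com/docs/guide.pdf</loc></url>
  <url><loc>http://www.example.com/admin/login.html</loc></url>
  <url><loc>http://www.example.com/backup/site.sql.gz</loc></url>
  <url><loc>http://unrelated.example.net/pills.html</loc></url>
</urlset>"""

if __name__ == "__main__":
    for url, reason in audit_sitemap(SAMPLE, "www.example.com"):
        print(f"{reason:22} {url}")
```

Run it against the generated file on a schedule and compare the output with the previous run, so that a new foreign-host entry or a newly exposed directory shows up as a change.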