Contact Me


One comment

  1. Paul says:

    Hello,

    I need to let you know I found an open directory security hole on your website.

    I am a Local Web Specialist and was doing some routine security checks on some of my own clients' websites; however, during a broader comparative analysis I found that you also suffer from the same issue.

    If you’re tech savvy and maintain the site yourself just Google “disable directory browsing” and you should be able to fix it. If you’re not, here’s a breakdown of the issue:

    Your website is using WordPress and the folders “wp-content” or “wp-includes” can contain private and sometimes sensitive data. Right now anyone can see what’s there, including nefarious individuals.

    So you can see what I’m talking about, copy this search string into Google:

    site:brightsideoflife.org -inurl:(jsp|pl|php|html|aspx|htm|cf|shtml) intitle:”Index of /”

    This will bring up the open directories on your web server. When I analyzed your website: brightsideoflife.org, your directories were browsable and the data was available. It should say “Forbidden” or redirect to a 404.

    This should be a simple fix for your existing webmaster; just make sure to tell him/her you want to “Disable directory browsing” on your website.

    You also might want to put a CAPTCHA on your contact form; as I am filling this out now, I noticed there isn’t one.

    If you have any questions or need a hand fixing the hole you can reach me @ paul@pauldalton.me.

    I hope this helps. Have a great day!

    Paul.
