| Posted by ktmduke, 03-19-2010, 04:58 PM | | Hi,
Longtime reader, first time poster to hopefully make use of the extensive knowledge present in the forum.
Here is my query;
I have a domain and site hosted on a shared host. I have a number of pages on the site that are not accessible via any links, have not been published anywhere and are completely invisible (except to those who know the specific url's).
However, i have recently noticed an IP address, which may or may not be a crawler (resolving to linkpimp.net) which has somehow visited these pages.
Can someone explain how this is possible? Is it possible for an external agent to sniff HTTP requests? I can't think of any other explanation that makes sense.
My concern is due to the fact that the hidden pages are used to submit unencrypted form data.
|
| Posted by firedrone, 03-19-2010, 05:58 PM | | You can deny the IP via .htaccess.
|
| Posted by xeonfan, 03-19-2010, 06:17 PM | | it may be linked by someone whom you gave the access, i would think of it like this way that someone bookmarked it on his site and it was crawled from there.
If the data is confidential you should enable password protection for that directory so even if a crawler visits, he would not know how to login to fetch the content.
even a simple password can help you in doing this.
if you happen to be on a cpanel based host, there's a option in control panel "password protect a directory"
you can make a directory for these content and then apply password to it.
if you wish to share that info with limited people, you can always mail them the password along the URL.
hope that helps.
|
| Posted by ktmduke, 03-19-2010, 06:20 PM | | Hi,
I am aware I can restrict the IP using .htaccess, and the pages are also secured with .htpasswd.
My concern was mainly around the ability for an external party to get access to a url that is completely hidden, and what that implies for other data being sent unencrypted to the site.
|
| Posted by AL-Benjamin, 03-19-2010, 06:45 PM | | why not password protect it?
|
| Posted by ktmduke, 03-20-2010, 04:12 AM | | My query isn't so much about how to secure the pages from public viewing, but about the feasibility of someone sniffing or viewing HTTP requests being sent across the internet. How easy is this in practice? I'm absolutely particular the url's are not listed anywhere, so there is no explanation of how an unknown visitor could reach them. Any ideas?
|
| Posted by assistanz247, 03-20-2010, 05:54 AM | | Hackers are using wide range of tools to access data sent across internet, it will be very easy for them to read unencrypted data.
|
|
 Add to Favourites
 Print this Article
|
