Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Default/Sample Web Directories Exist

Posted on 2009-05-04
9
Medium Priority
?
274 Views
Last Modified: 2012-05-06
Many web directories that are installed by default contain sample files that were not meant for external access. These files could contain potentially sensitive system or propriety information that could be accessible by an external attacker. In addition a lot of these sample files and folders are vulnerable to known exploits and attacks that, at a minimum, could result in a denial of service attack, or lead to complete system compromise in a worst case scenario.
0
Comment
Question by:Brijeshk9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 24301825
Nice statement.  Did you have a question?
0
 

Author Comment

by:Brijeshk9
ID: 24301897
its one of the Website Vulnerabilities identified by scanner, Now i need solution on it....?
0
 
LVL 14

Expert Comment

by:agriesser
ID: 24302350
Depending on the Apache version you're running, you can simply shut off these directories (like the documentaion alias, etc.) unload unneeded server modules like the serverinfo and status modules, etc.

To disable/modify virtual host configurations on Apache2 based webservers, go to the directory "/etc/apache2/sites-enabled", look through all the symlinks in there and remove the ones you don't need.
Don't worry, if you accidentally deleted one they're still there in the "/etc/apache2/sites-available" directory and can be re-established with the command `ln -s /etc/apache2/sites-enabled/NAME /etc/apache2/sites-available/NAME`.

Then, when you have tuned your webserver configuration, you can have a look at the modules that are loaded in your server and wipe out the ones that are not needed. The enabled modules are (like the VHosts) in a separate directory which is called /etc/apache2/mods-enabled (vs. /etc/apache2/mods-available where all available modules are listed) and remove the ones you don't need.

After you're done, reload the apache configuration with `/etc/init.d/apache2 reload` and run your scanning tool again to find out if things got better.

Unfortunately, without knowing what your scanning tool has mentioned as security flaws I cannot give you an exact answer about what to disable and what not. That also mostly depends on what your applications need from your webserver.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:Brijeshk9
ID: 24310577
Please find the below given evidences given by scanning Tool:..
http://XX.XX.XX.XX/uddi/ 
http://XX.XX.XX.XX/help/index.htm
http://XX.XX.XX.XX/uddi/inquiry
http://XX.XX.XX.XX/uddi/demo/jsp/searchForm.jsp
[NOTE: WHERE XX IS MENTIONED AS IP]
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24333265
Did you create those directories and files or were they installed by default?

If you created them, ignore the warning.  If they were installed by default then agriesser has already provided the solution.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1500 total points
ID: 24333558
> Now i need solution on it..
I'm pretty sure the scanner told you what should be done (otherwise get your money back:)

Anyway, you either simply have to remove the default web site, or configure the web server to deny access to it.
0
 

Author Closing Comment

by:Brijeshk9
ID: 31577886
Problem resolved
0

Featured Post

The Ideal Solution for Multi-Display Applications

Check out ATEN’s VS1912 12-Port DP Video Wall Media Player at InfoComm 2017. Kerri describes how easy it is to design creative video walls in asymmetric layouts and schedule detailed playlists ahead of time with its advanced scheduling feature.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video teaches users how to migrate an existing Wordpress website to a new domain.
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question