If you run a blog using WP and allow Google and other search engines to crawl it, you might have to add a line to your robots.txt, unless of course you’d love to see your database login data appear in Google Code Search. No reason to panic; the login/settings files of other platforms can surely be read as well.
Remember, Google now knows PHP and other programming languages.
Here’s the line to add for WordPress:
Disallow: /wp-config.php
If your blog is in a folder such as blog, the rule would be:
Disallow: /blog/wp-config
Change this accordingly for your platform. For EE it would be the file config.php in your blog folder.
Obviously this applies to any online application you might use (unless your config/settings file is on secured webspace/SSL).
Also be aware that Google can now read the content of compressed files, such as zip and rar. So don’t put anything you want to hide on your server unless the file is password protected.
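To check that a Disallow line really covers the config file for your blog folder, here is an added example (not code from the original post) of a minimal robots.txt matcher. It handles only plain Disallow prefix rules and exact user-agent names; the sample robots.txt texts, the /blog folder and the leftover file names are constructed for illustration.

```python
# Added example: minimal robots.txt Disallow matcher (prefix rules only).
def parse_disallows(robots_txt):
    """Return {user-agent (lowercase): [Disallow path prefixes]}."""
    groups, agents, in_rules = {}, [], False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:            # a User-agent line after rules starts a new group
                agents, in_rules = [], False
            agents.append(value.lower())
            groups.setdefault(value.lower(), [])
        elif field == "disallow":
            in_rules = True
            if value:               # an empty Disallow blocks nothing
                for agent in agents:
                    groups[agent].append(value)
    return groups


def is_blocked(robots_txt, path, agent="googlebot"):
    """True if a Disallow prefix for this crawler (or '*') covers the URL path."""
    groups = parse_disallows(robots_txt)
    rules = groups.get(agent.lower(), groups.get("*", []))
    return any(path.startswith(prefix) for prefix in rules)


def uncovered(robots_txt, paths, agent="googlebot"):
    """Paths from `paths` that the crawler is still allowed to fetch."""
    return [p for p in paths if not is_blocked(robots_txt, p, agent)]


# Constructed sample files for a blog installed under /blog (not from the page).
GOOD = "User-agent: *\nDisallow: /blog/wp-config\n"
NO_SLASH = "User-agent: *\nDisallow: wp-config.php\n"
WRONG_DIR = "User-agent: *\nDisallow: /wp-config.php\n"

# Constructed URL paths: the config file plus copies left beside it.
SENSITIVE = ["/blog/wp-config.php", "/blog/wp-config.php.bak", "/blog/wp-config.zip"]

if __name__ == "__main__":
    for name, text in [("good", GOOD), ("no slash", NO_SLASH), ("wrong dir", WRONG_DIR)]:
        print(f"{name:9} still crawlable: {uncovered(text, SENSITIVE)}")
```

A Disallow rule only asks compliant crawlers not to fetch a path; the file remains reachable by direct request, so the server-side protection mentioned above is what actually keeps its contents private.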
3 have made me smarter ↓
1 Croaker // Oct 9, 2006 at 1:34 pm
+0
Sounds like a scary loophole that someone can exploit.
2 Franky // Oct 9, 2006 at 1:41 pm
+0
Croaker, yes and no. I remember some years ago having searched in Google for the admin folder of a certain open-source ecommerce platform. You can’t imagine how many folders a. had the standard folder name and b. weren’t protected with a password, or even better, stored on SSL webspace. I got free access to the admin backend of several online shops of different sizes.
Anyway, this hole is not more scary than what happened to the Googleblog (again!) last weekend. ;-)
3 Danalyn // Oct 9, 2006 at 2:11 pm
+0
Okay…from what I read on google, they are only archiving public zip/tar/etc compressed files that are available for download (in public_html or higher up in the tree)? It’s just that some people make backups that are stored in public folders?
Or do I have this wrong?