The security mailing list has received a report that some directory listings are available on aus2-community.mozilla.org Unlike aus5.mozilla.org for comparison, 1) it's reachable unencrypted on port 80: http://aus2-community.mozilla.org/ (http://aus5 doesn't exist, but a redirect to https would be acceptable) 2) the root page (both http and https) is the default Apache 2 CentOS page. Compare https://aus5.mozilla.org/ 3) https://aus2-community.mozilla.org/icons/ shows a directory listing (and on http: also). compare https://aus5.mozilla.org/icons/ Fixing 3) in particular will save us from folks running basic "web security" scanners on our sites and reporting the default findings. CC'ing people involved in bug 726692 as a starting point. Not sure who owns this system.
You need to log in before you can comment on or make changes to this bug.