Closed Bug 572154 Opened 15 years ago Closed 14 years ago

Lock Down Server Configuration To Prevent Unnecessary Public Access to Files

Tracking

(Not tracked)

Status:

RESOLVED WONTFIX

People

(Reporter: mcoates, Unassigned)

Details

(Whiteboard: [infrasec:access])

Michael Coates [:mcoates] (acct no longer active)

Reporter

Description

•

15 years ago

Issue The drumbeat web server is providing access to files that do not need to be publicly accessible. For example: http://www.drumbeat.org/patches/back_port-114774.patch https://www.drumbeat.org/MAINTAINERS.txt https://www.drumbeat.org/update.php https://www.drumbeat.org/install.php https://www.drumbeat.org/cron.php Recommended Remediation Remove any files that are no longer needed or restrict access to only authorized parties. Files such as update.php, install.php, and cron.php should be moved into the admin folder so access is restricted to only admin accounts.

Michael Coates [:mcoates] (acct no longer active)

Reporter

Updated

•

15 years ago

Whiteboard: [infrasec:access]

Paul Osman [:paulosman]

Comment 1

•

14 years ago

Drupal based version drumbeat.org has been retired. This is not an issue on the current version. Static files served on the new site must be in the 'media' directory.

Status: NEW → RESOLVED

Closed: 14 years ago

Resolution: --- → WONTFIX

Curtis Koenig [:curtisk-use curtis.koenig+bzATgmail.com]]

Updated

•

13 years ago

Group: websites-security

Nobody; OK to take it and work on it

Assignee

Updated

•

10 years ago

Product: Websites → Websites Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Lock Down Server Configuration To Prevent Unnecessary Public Access to Files

Categories

(Websites Graveyard :: drumbeat.org, defect)

Tracking

(Not tracked)

People

(Reporter: mcoates, Unassigned)

References

Details

(Whiteboard: [infrasec:access])

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Updated

Updated