
How hackers are using Google to pwn our sites

dan39
edited January 2007 in Vanilla 1.0 Help
Anyone who keeps copies of their source files (SVNs, or compressed archives) should read this article. Google Code has become a go-to place for hackers looking to search for exploits:

http://www.shoemoney.com/2006/12/26/how-hackers-are-using-google-to-pwn-your-site/

There is a very easy way to prevent Google Code search from finding your source code using robots.txt:

Also, it seems that the Vanilla SVN and the Vanilla releases are being indexed by Google Code. I can see this being a good thing for developers, but I suppose it could be abused as well.
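
A check for the robots.txt approach mentioned in the post above, as an added example that is not part of the original thread: it parses a constructed robots.txt and reports which source-copy paths a compliant crawler may still fetch. The sample rules and paths are assumptions, and robots.txt is advisory only, so it does not restrict who can download the files.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample robots.txt (an assumption, not from the original post).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /backups/
Disallow: /.svn/
"""

# Hypothetical locations where copies of source end up under a web root.
SOURCE_PATHS = [
    "/backups/site-2007-01.tar.gz",
    "/.svn/entries",
    "/downloads/forum-src.zip",
]


def crawlable_source_paths(robots_txt, paths, agent="*"):
    """Return the paths a robots.txt-compliant crawler may still fetch."""
    parser = RobotFileParser()
    # parse() takes the file's lines directly, so no network access is needed.
    parser.parse(robots_txt.splitlines())
    return [p for p in paths if parser.can_fetch(agent, p)]


if __name__ == "__main__":
    for path in crawlable_source_paths(SAMPLE_ROBOTS, SOURCE_PATHS):
        print("still indexable:", path)
```

Any path this reports is one to add a Disallow rule for or, better, to move out of the web root.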

Comments

  • What's the problem with Vanilla code being on there? Mark allows all to download the files anyway :)
  • I think he's saying it's more of a security issue for people who have private SVNs.
  • Definitely interesting. I am sure many more will fall victim to this. Especially now since the story is out there floating around.
This discussion has been closed.