Web folder housekeeping

Older web projects (though not only older ones) tend to accumulate abandoned folders, including old backups, database dumps and legacy code, all publicly accessible.

A detailed OWASP guideline.

It’s crucial to keep anything private outside of the public_html folder (or equivalent).

Some bots scan websites and index this kind of vulnerability. Hackers are then notified of easy prey and attempt an attack. “Attack” is a strong word, though: they will simply download the backups or private files.

The screenshot of the log below illustrates it.

Monitoring Drupal logs. 404 errors can give you an idea of unusual pages targeted by nosy eyes.
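The same check can be run over the web server's access log. The script below is an added example, not part of the original post: it assumes the Apache/Nginx combined log format rather than Drupal's own log, and the extension list and sample lines are constructed. It separates backup-like requests that returned 404 (probing) from those that were actually served (a file that must be moved out of public_html).

```python
import re
from collections import defaultdict

# Backup/dump/archive suffixes (assumed list; extend it for your own site).
RISKY = re.compile(r"(\.(sql|bak|old|orig|zip|tgz|tar|gz|7z|rar|dump)|~)$", re.I)
# Combined log format: client, identity, user, [time], "METHOD target PROTO", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges).
SAMPLE = """\
203.0.113.7 - - [10/Mar/2024:04:12:01 +0000] "GET /backup.zip HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [10/Mar/2024:04:12:02 +0000] "GET /db.sql HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [10/Mar/2024:04:12:03 +0000] "GET /old/site.tar.gz HTTP/1.1" 200 48211934 "-" "-"
198.51.100.20 - - [10/Mar/2024:09:30:11 +0000] "GET /node/12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:09:30:15 +0000] "GET /sites/default/files/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:09:31:00 +0000] "GET /missing-page HTTP/1.1" 404 162 "-" "Mozilla/5.0"
""".splitlines()


def classify(lines):
    """Return (exposed, probed).

    exposed: backup-like paths the server answered with 2xx (publicly downloadable).
    probed:  client address -> backup-like paths that returned 404.
    """
    exposed, probed = set(), defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if not RISKY.search(path):
            continue
        if status.startswith("2"):
            exposed.add(path)
        elif status == "404":
            probed[client].add(path)
    return exposed, dict(probed)


if __name__ == "__main__":
    exposed, probed = classify(SAMPLE)
    for path in sorted(exposed):
        print("EXPOSED (move out of the web root):", path)
    for client, paths in sorted(probed.items()):
        print("probing from", client, "->", ", ".join(sorted(paths)))
```

Ordinary 404s such as `/missing-page` are ignored, so only backup-like targets are reported.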
