WordPress.org

Ready to get started?Download WordPress

Forums

Sociable
Security Hole? Browsable Sociable Folder.. (6 posts)

  1. kopgamer
    Member
    Posted 2 years ago #

    I was checking my google links and see that google cached my Sociable plugin folder (.com/wp-content/plugins/sociable/).. I browse the folder with my browser and see that I can browse and open the files within the sociable folder.. I used wordpress for a long time, and this is my first time seeing a plugin which allows this behaviour..

    I'm uninstalling this plugin..

    http://wordpress.org/extend/plugins/sociable/

  2. Mark (podz)
    Support Maven
    Posted 2 years ago #

    I will contact the author. It is also not a security issue.

    However - this is something your webhost should have done something about. Allowing the browsing of directories without an index file is poor form and if it applies there it will apply everywhere. It is to protect against this form that many plugins come with an empty index.php file.

    To stop this:
    in Notepad/textedit create a new file called index.php
    You don't have enter anything in it, it just has to be called that.
    Using ftp or your webhost file manager upload that into any directory that does not have any index file. (If it does have an index.php or .html or .anything else do not do this)
    That will stop this.

    There is a way to do this with .htaccess but I forget right now.

    But the real people you should contact is your webhost because as I said it's bad form.

  3. kopgamer
    Member
    Posted 2 years ago #

    Ok, I will check with my host.. But my other plugins are fine, only Sociable did that..

  4. Mark (podz)
    Support Maven
    Posted 2 years ago #

    The other plugins had the empty index.php

    It really is not a security issue.

  5. kopgamer
    Member
    Posted 2 years ago #

    Thanks..

    I'm adding "Options All -Indexes" to my htaccess file..

  6. sociable
    Member
    Plugin Contributor

    Posted 2 years ago #

    Hi, the new version includes an empty index.php on request of admins

    Many thanks for sharing and co-creating this plugin!

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags