Google Codesearch can display db names and passwords? (5 posts)

  1. shadowbox
    Posted 9 years ago #

    Anyone see this?

    It appears that all the files that are being shown are backups (they seem to end in .zip/tar/gz or are in svn trunks).

    Might want to be careful backing stuff up online!

  2. Hah!

    Don't store your backups in a publically accessible location. Seems obvious, in retrospect, eh?

  3. whooami
    Posted 9 years ago #

    oh my!

  4. Dgold
    Posted 9 years ago #

    Maybe a novice question, but...

    If I use the built-in WP database backup plugin (I think it's based on Skippy's)... and I choose the option "Save a back-up on your server"... will the backup be in one of these 'publically accessible locations'?

    Can I make that location non-public, but still on my server?

  5. Backups go into a directory under wp-content called backup-some_random_num. It would not be found by any sort of casual browsing.

    The wp-content directory contains an index.php file, to prevent casual browsing of the folders in question, so unless you post links to your backups, Google will not find them. If you look at the files with the search found above, you'll notice that none of them fit the pattern defined by the backup plugin for its files. These are backup files that people uploaded to CVS/SVN or files that they put on a server and linked to from somewhere.

Topic Closed

This topic has been closed to new replies.

About this Topic