On Fri, Jan 10, 2020 at 06:40:47PM +0000, Chris Green wrote:
On Fri, Jan 10, 2020 at 05:35:28PM +0000, steve-ALUG@hst.me.uk wrote:
I had a look at http://isbd.net/ which I presume is yours. I don't know if that's the one that you are talking about, but if it is, none of the pages opened as https for me.
They should now, if not then I'd be interested to know. I did the changes today (10th January) around 2pm.
I see "Index of /" if I go to that, with no HTTPS redirection.
Also, I don't know much about trying to hack a website, but displaying the PHP status & config info on a webpage just sort of highlights if there are any vulnerabilities that may be exploited.
Yes, true enough, but hiding them is only 'security by obscurity' isn't it!
It's security by obscurity if it's the only thing you do. It's part of a proper security in depth strategy though.
J.