File listing on www.stevie.heliohost.org

[HostedDinner]

I don't know if it is intented, but on http://www.stevie.heliohost.org/ and the IP of it http://65.19.143.2/ you can see the filelisting with some subfolders, which shouldn't be visible I guess

[Piotr GRD]

For many months if not longer, I don't even remember when I've spot it for the first time.

 

[jje]

It appears that the server's root is pointing to /home/djbob/public_html/ on Stevie. I'm not going to touch anything, so

 

This support request is being escalated to our root admin.

[Krydos]

Why not just drop an index file there that redirects to heliohost.org or something? Then djbob can fix or unfix it as he sees fit when he has a chance? I don't really see how that could hurt anything.

[jje]

Good idea, Krydos. I have added an index.html to the directory which redirects to HelioHost.org.

[Guest xaav]

This has always been the case; is this affecting your website or something?

[Krydos]

I think he was just concerned that something might be broken, or it was a security vulnerability.

[Guest xaav]

This support request is being escalated to our root admin.

 

Why was it esclated then? How is it a security vulnerability? You won't be able to gain access to our server via any of those files.

[Krydos]

Why was it esclated then? How is it a security vulnerability? You won't be able to gain access to our server via any of those files.

You'd have to ask jje, but I'm guessing that based on this

Good idea, Krydos. I have added an index.html to the directory which redirects to HelioHost.org.

he hadn't thought to dropping a redirect index file in there so he escalated it? I didn't actually look at any of those files so I have no idea if the directory listing should be visible or not or if it presented any vulnerability or not. If you're certain there is no threat feel free to de-escalate this thread, or jje can do it. If nothing else this thread can be a note to djbob that basically just says,

 

"Hey, we messed with the files in your stevie account a little. Hope it's all good."

[jje]

@xaav - I escalated this because djbob might not want an index file there, and I just wanted to let him know that that's what I did. You can deescalate this if you want.

[Piotr GRD]

xaav is right. It's not critical in any way. And it is available for long time, if something malicious could be done it would be done by someone already.

Most interesting things I found (long time ago) with this are some mp3's (legal or not, djbob?... ;> ) and the couple of years old letter where djbob asks for some funds to buy/get new better server for HelioHost. : )

[jje]

This support request is being deescalated from our root admin.