Select Website 

Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!

Back to Menu Back to Menu

How secure is your Recruitment website? Part 1 - Server Directory Listings

Posted By: Thomas Shaw, 9:08pm Thursday 28 May 2009    Print Article

Every day, I am informed of another insecure recruitment website. How could this still be possible? The economic downturn has lead to an increase in data theft, with recruitment agencies one of the easiest targets. Information is an asset that, like other important business assets, has value.

Remember the issues with Monster? RCSA? CareerOne? NSW Government?

Websites are built with a structure - they contain files and folders. Hackers can deconstruct your website structure by reverse engineering the source code, or simply reading the robots.txt file.

Try this basic test…

In your web browser enter your URL/images/ - just the name of your images folder, nothing else afterwards except for the trailing /

If you see a “Forbidden” or 403 error message, that’s normal, but if you see a list of files and folder names, it means that your server is configured to allow for directory browsing!

Also try other folder names such as images, conn, includes, modules, system, admin, administration, secure, css, js, javascripts, clients, resumes, documents, scripts

You need to contact your website developer or server host to have your server directory listings turned OFF


Protecting your directories from being listed by your website's visitors does not, in and of itself, make your website more secure. At best, it's security by obscurity - that is, you hope that by hiding stuff from view, visitors will not be able to get access to your files.



Article URL: http://www.recruitmentdirectory.com.au/Blog/how-secure-is-your-recruitment-website-part-1-server-directory-listings-a191.html

Article Tags: hacking security rcsa recruitment website job board insecure careerone monster server directory listings

Comments Hide Comments (0)

Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.

Your Name: * Required
Your Email Address: * Required
Website URL:
Comments: * Required
Refresh
Enter the code you see in the image above (case sensitive). Click on the image to refresh it.
 


Back to Menu Back to Menu



Random Blog Articles

Is it time to say farewell to 3rd party application forms?
Published: 11:30am Tuesday 19 July 2011

jobs.NSW Goverment job board now powered by Taleo
Published: 9:00am Friday 16 October 2009

Congratulations Thomas. Top 25 Most Influential Online Recruiters!
Published: 11:24am Monday 22 February 2010

if(candidate.experience.contains(it)) ++bonusPoints
Published: 3:46pm Monday 20 February 2012

Upcoming Webinar - Social Recruiting 101
Published: 5:36pm Wednesday 27 May 2009