www.podesta.com also has a /protected/ URL

jpmullet | 78 points | Nov 16 2016 18:08:53

www.podesta.com also has a /protected/ URL

Not sure if this has already been brought up but there is a www.podesta.com/protected/ URL.

You get a 403 Forbidden as if there is something there with access control enabled on it.

If you tried to go to a site that didnt exist you get a "Page not found" page. For instance /pizza/ doesnt exist so you get the "Page not found" page.

dezbos | 5 points | Nov 16 2016 21:33:47

usually protected directories themselves are inaccesible, you need to append with a file name. for instance (assuming they use php, i haven't looked): http://www.podesta.com/protected/admin.php

almost forgot. here is the robots: http://www.podesta.com/robots.txt

sorry, just jumping around. here is the login page if you want to play around: https://www.podesta.com/user/login

rocket_nazi | 4 points | Nov 17 2016 00:06:06

403 just means that directory indexing is not allowed. the directory itself isn't protected, you're just not allowed to list all the files in it and it lacks an index page (index.php or .html or whatever).

dezbos | 2 points | Nov 17 2016 00:18:45

i know. i was glancing before leaving work. i didn't feel the need to explain directory permissions or anything like that. just a coincidence the alleged directory was named 'protected'.

rocket_nazi | 3 points | Nov 17 2016 00:23:56

it's not uncommon to have a "protected" directory on a webserver.

source: my 12+ years of linux career stuff.

edit - this would be fun, but it's usually locked down to localhost access only: http://www.podesta.com/server-status

dezbos | 2 points | Nov 17 2016 00:36:31

yea. i do web dev with some hosting experience. usually on windows servers though. also more familiar with the cpanel and plesk UI than the command line itself.

rocket_nazi | 1 points | Nov 17 2016 00:39:20

These would be Apache error messages.

dezbos | 1 points | Nov 17 2016 00:42:55

i noticed. i really should play around with xampp more. thanks for the clarification.

KiA423469420 | 3 points | Nov 16 2016 20:36:59

Just for giggles, I typed in www.podesta.com/protected27/ to see what would happen. It doesn't pop a 403, but a completely different error. That confirms that the /protected/ link goes somewhere specific.

pizza-pudding | 3 points | Nov 16 2016 20:58:24

Different error on this test. Just wanted to see if it existed.

https://www.podesta.com/admin

ack43_throway | 3 points | Nov 16 2016 23:23:52

They use Drupal 7, which I don't believe comes with a /protected dir by default, but yes it looks like it is an actual directory here.

xgobez | 1 points | Nov 16 2016 18:41:17

I.E. lists the most likely cause for the webpage not displaying is that you have to log in. Hm.

jpmullet | 2 points | Nov 16 2016 19:05:41

There's the possibility the permissions were changed on the server in haste to take it down. So the service that runs the webserver doesn't have read permission on those files.