Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

robot(s).txt


Guest

Recommended Posts

Posted

Hello,

I run an oscommerce store and wondering what code should one write in the robots.txt file to stop bots from caching wrong information. By connecting to the server and requesting the /robot(s).txt file, an attacker may gain additional information about the system they are attacking. So what directories or files should one disallow for the bots. Please reply with code.

 

Thanks

Jubin Jacob

Posted

The robots file won't make any difference as far as hackers are concerned. It is just a request to the search engines not to list pages, and not all will honor that request. But you should list any files and directories that you don't want listed.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Posted
an attacker may gain additional information about the system they are attacking

 

In your robots.txt file if you add something like;

User-agent: *
Disallow: /admin

 

It tells a hacker exactly where your admin is located. You should NEVER do that. Rename your admin directory and make the changes in your configure.php files and then create a robots.txt file in your new admin directory and add this to it.

 

User-agent: *
Disallow: /

 

This will stop bots from indexing it but also protect its location from hackers.

Posted
In your robots.txt file if you add something like;

User-agent: *
Disallow: /admin

 

It tells a hacker exactly where your admin is located. You should NEVER do that. Rename your admin directory and make the changes in your configure.php files and then create a robots.txt file in your new admin directory and add this to it.

 

User-agent: *
Disallow: /

 

This will stop bots from indexing it but also protect its location from hackers.

If the admin directory is password protected, it makes little difference if anyone can find its name in the robots file. But, by that same reasoning, the search engines can't get in either, so it may not make a difference being there or not.

 

The

User-agent: *
Disallow: /

lines will tell all search engines not to visit the site. Is that what you meant to say?

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

All of My Addons

Get the latest versions of my addons

Recommended SEO Addons

Posted
The

CODE

User-agent: *

Disallow: /

lines will tell all search engines not to visit the site. Is that what you meant to say?

 

Jack

 

Just in directories that you don't want indexed such as your admin. I think ALL store owners should password protect their admin and also rename the directory to something obscure. If you do that it seems ridiculous that you would then tell everyone where it is by adding it to your robots.txt file. By excluding it from your catalog robots.txt file and adding those lines to a robots.txt file in your admin directory if the bots ever find it most will not index it but it gives an extra little bit of protection from someone who just looks at your catalog robots.txt file and looks for the name of your admin directory.

Posted
Just in directories that you don't want indexed such as your admin. I think ALL store owners should password protect their admin and also rename the directory to something obscure. If you do that it seems ridiculous that you would then tell everyone where it is by adding it to your robots.txt file. By excluding it from your catalog robots.txt file and adding those lines to a robots.txt file in your admin directory if the bots ever find it most will not index it but it gives an extra little bit of protection from someone who just looks at your catalog robots.txt file and looks for the name of your admin directory.

 

I don't think a robots.txt file will make a difference at all, if a hacker wants your directory they will get it using a (wild card) . Your best defense is keep current backups of your site. If you are not familiar with the process ask your service provider to make daily backups most do anyway. There are hacker safe programs out there. Just keep in mind nothing is 100%

 

http://www.mcafeesecure.com/us/

 

http://www.networksolutions.com/security-s...A1D466E0000V100

Don't audit life, show up and make the most of it now. Legally, of course!

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...