Change Details

/w Alert group Git repository found Severity **High** Description Git metadata directory (.git) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that version control tool Git creates. The metadata directories are used for development purposes to keep track of development changes to a set of source code before it is committed back to a central repository (and vice-versa). When code is rolled to a live server from a repository, it is supposed to be done as an export rather than as a local working copy, and hence this problem. Recommendations Remove these files from production systems or restrict access to the .git directory. To deny access to all the .git folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess): <Directory ~ "\.git"> Order allow,deny Deny from all </Directory> Alert variants Details Git files found at : /w/.git/config Repository files/directories: .editorconfig .eslintrc.json .fresnel.yml .gitattributes .gitignore .gitmodules .gitreview .mailmap .phan/config.php .phan/internal_stubs/memcached.phan_php ... GET /w/.git/config HTTP/1.1 Connection: keep-alive Authorization: Basic YW5vbnltb3VzOmFub255bW91cw== Accept: */* Accept-Encoding: gzip,deflate Host: wikicod.ir User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41

/w Alert group Git repository found Severity **High** Description Git metadata directory (.git) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that version control tool Git creates. The metadata directories are used for development purposes to keep track of development changes to a set of source code before it is committed back to a central repository (and vice-versa). When code is rolled to a live server from a repository, it is supposed to be done as an export rather than as a local working copy, and hence this problem. Recommendations Remove these files from production systems or restrict access to the .git directory. To deny access to all the .git folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess): <Directory ~ "\.git"> Order allow,deny Deny from all </Directory> Alert variants Details Git files found at : /w/.git/config Repository files/directories: .editorconfig .eslintrc.json .fresnel.yml .gitattributes .gitignore .gitmodules .gitreview .mailmap .phan/config.php .phan/internal_stubs/memcached.phan_php ... GET /w/.git/config HTTP/1.1 Connection: keep-alive Authorization: Basic YW5vbnltb3VzOmFub255bW91cw== Accept: */* Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41

/w Alert group Git repository found Severity **High** Description Git metadata directory (.git) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that version control tool Git creates. The metadata directories are used for development purposes to keep track of development changes to a set of source code before it is committed back to a central repository (and vice-versa). When code is rolled to a live server from a repository, it is supposed to be done as an export rather than as a local working copy, and hence this problem. Recommendations Remove these files from production systems or restrict access to the .git directory. To deny access to all the .git folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess): <Directory ~ "\.git"> Order allow,deny Deny from all </Directory> Alert variants Details Git files found at : /w/.git/config Repository files/directories: .editorconfig .eslintrc.json .fresnel.yml .gitattributes .gitignore .gitmodules .gitreview .mailmap .phan/config.php .phan/internal_stubs/memcached.phan_php ... GET /w/.git/config HTTP/1.1 Connection: keep-alive Authorization: Basic YW5vbnltb3VzOmFub255bW91cw== Accept: */* Accept-Encoding: gzip,deflate Host: wikicod.ir User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41