2011-11-29, 11:34 AM
Quote: Both of these email addresses are used in the credits to the Apache icon set, which appear on DirectoryIndex pages. While NetSparker is warning you that these email addresses are made available publicly on your server, this particular entry is nothing to worry about!
See https://www.apache.org/icons/ for the credits.
This is also only an 'information' level issue that it has found (see the 'i' icon next to Email Address Disclosure in the Issue list). Therefore, it's not of the highest priority. This entry in the issues list doesn't at all suggest your server is compromised.
NetSparker will give you a lot of information. Interpreting the results is as important as doing the scan in the first place. :)
I'm glad, that I would really feel like a noob. Only thing that safe is my php it says:
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.
and my cookie is not marked as secure, but that would be logical cuz I generated my own HTTPS certificate, and my cookie is not marked as HTTP only. Will have a look at that.
And need to look at my directory listing:
An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.
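
The three findings quoted in the post above (PHP version disclosure, cookie flags, directory listing) can each be confirmed from a single HTTP response. The following is an added example, not part of the original post and not Netsparker's own logic; the response is constructed, and the function names and finding labels are assumptions.

```python
import re

# Constructed sample response (not taken from the poster's server).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Powered-By: PHP/5.3.8\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>Index of /files</title></head><body>...</body></html>"
)

def parse_response(raw):
    """Split a raw HTTP response into [(name, value), ...] headers and a body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body

def audit(raw):
    """Return labels (hypothetical names) for the findings discussed in the post."""
    headers, body = parse_response(raw)
    findings = []
    for name, value in headers:
        # PHP advertises itself as "PHP/<version>" in X-Powered-By or Server.
        if name in ("x-powered-by", "server") and re.search(r"PHP/\d", value, re.I):
            findings.append("php-version-disclosed")
        if name == "set-cookie":
            cookie = value.split("=", 1)[0]
            attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
            if "secure" not in attrs:
                findings.append(f"cookie-not-secure:{cookie}")
            if "httponly" not in attrs:
                findings.append(f"cookie-not-httponly:{cookie}")
    # Apache's generated directory index pages are titled "Index of /<path>".
    if re.search(r"<title>\s*Index of /", body, re.I):
        findings.append("directory-listing")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The corresponding settings are `expose_php = Off`, `session.cookie_secure` and `session.cookie_httponly` in php.ini, and `Options -Indexes` in the Apache configuration.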