These files contain requests against maven repository, e.g. webdav/geotools (and others) and http 404 errors for failed requests.
And because it is publicly accessible it is scanned by google & co (and indexed). And that's the reason I found requests for company internal maven artefacts against OSGeo maven repository.
I got shocked because I’ll find (our) artifacts on your server but then I saw the following comment in each log:
# URL with 404 errors - Hits - Last URL referer
I’d like to raise a question: Can OSGeo Admins configure the service in a way that these logs are not public OR can you please delete the logs so that they are not accessible anymore?
Those are logs gathered by awstats, monthly, but I cannot find a
working awstats URL so maybe it was a never-completed attempt
at installing stats.
Can anyone else remember such a previous attempt ?
Frank: how did you find the /logs url ? If robots are indexing it
there must be an incoming link somewhere ? Could you please file
a ticket on https://trac.osgeo.org/osgeo to deal with this ?
I'm not sure there's such sensitive information in those logs,
at least I remember long ago OSGeo stats were intentionally public.
Martin: could you take a look and enable history tracking for
those configurations ?
Those are logs gathered by awstats, monthly, but I cannot find a
working awstats URL so maybe it was a never-completed attempt
at installing stats.
Can anyone else remember such a previous attempt ?
It is working, I think I set it up. I'll give you the link over IRC. It
is not the standard default awstats url to avoid bots.
Best practices these days suggest you hide such pages from
unauthenticated public as spammers and hackers try to mine info out of them.