As for the intro, open directories are folders of files (from a few to an almost unlimited number) that are uploaded to web servers and reachable from the internet. Anyone can find them, from anywhere.
Most ODs are default folders for websites. For example, if I had a website named www.inaiscool.com, then www.inaiscool.com/files is where all the pictures I would want on my homepage would appear.
Others don’t have to be websites at all but FTP servers or other hosting that holds files you’ve uploaded there. Many of these ODs can contain sensitive, personal information and illegal things (such as cracked games, pirated movies, etc.). Everything is text based, so there’s a lot of fun in discovering.
My task was to search as many open directories as possible using the site:.cz operator on google.com to search the Czech-only sphere. There aren’t a lot of Czechs, but they surely loved and still love ODs. They upload lots of mischief and it was my job to find it.
The two keywords that I used in my smart search were “index.of” - indicating an OD - and the other was a random sensitive topic like “crack”; “movie”; “games” and different file types “.mp3”; “.mp4”; “.exe”, etc. Later, I combined them or thought of different ones to use.
And there you had it, already thousands of results.
It was chaos. Some ODs were just huge unorganized messes of old 00’s photos and videos (which were already a sensitive thing that nobody would be glad to have on the internet). Then it went to school stuff, memes, random images of game avatars, love letters, unmeaningful strips of code, organizational stuff, basically what you would have in your hard drive.
Between these were also some “other” things. Or the whole open directory was filled with it. Porn, illegally downloaded music and movies, books, games. Some even left their passwords or the OD was hacked.
What was mostly dangerous were lots of lists of names, students, some children that were using different login portals. We could find people with their names and email addresses, as well as phone numbers - this could’ve been used to exploit those people. Between these were also contracts and invoices.
I also intended to search the search engine “Shodan.com” to help me find some open directories. To my surprise, there were lots of ODs that were hosted by well-known brands and services.
During my search, I noticed that open directories were mainly used between the 90’s and 00’s. Even though their popularity has dropped, many are still being updated and new people are putting stuff in. It’s important to remember to check if it’s legal to distribute / own the material that is on there. Lastly, always check if what you’re putting out there is okay for you and if it won’t hurt you or your property. There is surely an option to password protect your directory (I’ve stumbled upon a lot that were prohibited to anyone visiting).
The easiest solution is to just not upload on web servers that don’t provide enough security and instead use a flash drive or an online cloud service that stores your files securely like OneDrive or Google Drive.
In the post following this one, I will share a link to my Excel sheet with my research so you can view the stuff for yourself.
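As an added example (not part of the original post), the Python sketch below shows why the “index.of” keyword finds open directories: web servers such as Apache and nginx title their auto-generated listing pages “Index of /…”. Run over a saved response body from your own server, it reports whether a path is served as a listing and which entries look sensitive; the extension list and the sample HTML are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Titles that servers put on auto-generated listings: "Index of /..." (Apache,
# nginx) and "Directory listing for /..." (Python's built-in http.server).
LISTING_TITLE = re.compile(r"\s*(index of|directory listing for)\s+/", re.I)
# Extensions treated as sensitive here (an assumption; adjust to your own data).
SENSITIVE_EXT = (".sql", ".bak", ".csv", ".xls", ".xlsx", ".env", ".zip")


class ListingParser(HTMLParser):
    """Collects the page title and every link target."""
    def __init__(self):
        super().__init__()
        self.in_title, self.title, self.links = False, "", []

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True
        elif tag == "a" and dict(attrs).get("href"):
            self.links.append(dict(attrs)["href"])

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data


def audit_listing(html):
    """Return (is_listing, entries, sensitive) for one saved response body."""
    parser = ListingParser()
    parser.feed(html)
    if not LISTING_TITLE.match(parser.title):
        return False, [], []
    # Drop column-sort links ("?C=N;O=D") and parent-directory links.
    entries = [h for h in parser.links if not h.startswith(("?", "/", "../"))]
    sensitive = [e for e in entries if e.lower().endswith(SENSITIVE_EXT)]
    return True, entries, sensitive


# Constructed sample in the style of an Apache listing (not real data).
SAMPLE = """<html><head><title>Index of /files</title></head><body>
<a href="?C=N;O=D">Name</a> <a href="/">Parent Directory</a>
<a href="holiday.jpg">holiday.jpg</a> <a href="students.xlsx">students.xlsx</a>
<a href="old/">old/</a></body></html>"""
```

If `audit_listing` returns `True` for a path on your site that was never meant to be browsable, turn off automatic indexing for that folder or put it behind a password.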