[Possible] Backup Folder
Description
A backup copy of a web directory appears to be present on the server. Backup directories are commonly created by developers or automated tools to preserve previous versions of files, often using naming patterns such as appending '.bak', '.old', or a date stamp to the original directory name. If the copy is created inside the document root and not removed afterwards, it stays reachable through the web server. Such copies typically contain the application's source code and configuration (including database credentials or API keys), or an older version of the application whose vulnerabilities were fixed in the live copy but remain exploitable in the backup; files inside the copy are still served or executed according to their extension, and nothing maintains them.
Remediation
Remove all backup directories from web-accessible locations immediately. Verify removal by requesting the backup directory's URL (and the URLs of known files beneath it) in a web browser or with the scanner that reported this finding, and by confirming on the server's filesystem that the copy is gone rather than merely blocked by an access rule.
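The verification step above can be automated. The following script is an added example, not part of the original finding or of any scanner's own code: it builds candidate backup names for a known directory from the naming patterns described (the suffix list, separators and date-stamp formats are assumptions, extend them to whatever your tooling produces), requests each one, and reports every candidate the server does not answer with 404 or 410.

```python
"""Verify that backup copies of a web directory are no longer reachable.

Added example, not part of the original finding or any scanner's own code.
The suffixes, separators and date formats below are assumptions; extend them
to match the naming your developers and tools actually use.
"""
from __future__ import annotations

import urllib.error
import urllib.request
from datetime import date, timedelta
from typing import Callable, Optional

SUFFIXES = ("bak", "backup", "old", "copy", "tmp", "orig")   # assumed list
SEPARATORS = (".", "_", "-")                                  # site.bak, site_bak, site-bak
DATE_FORMATS = ("%Y%m%d", "%Y-%m-%d")                         # 20240102, 2024-01-02


def candidate_names(dirname: str, days_back: int = 30,
                    today: Optional[str] = None) -> list[str]:
    """Likely names for a backup copy of `dirname` (e.g. site.bak, site-20240102).

    `today` is an ISO date string used as the newest date stamp; it defaults
    to the current date and is a parameter so results are reproducible.
    """
    base_day = date.fromisoformat(today) if today else date.today()
    names: list[str] = []
    for suffix in SUFFIXES:
        names += [f"{dirname}{sep}{suffix}" for sep in SEPARATORS]
    for back in range(days_back + 1):
        for fmt in DATE_FORMATS:
            stamp = (base_day - timedelta(days=back)).strftime(fmt)
            names += [f"{dirname}{sep}{stamp}" for sep in SEPARATORS]
    return list(dict.fromkeys(names))   # de-duplicate while keeping order


def http_status(url: str, timeout: float = 5.0) -> int:
    """Fetch `url` (following redirects) and return the final HTTP status.

    Returns 0 when the server could not be reached at all.
    """
    req = urllib.request.Request(url, headers={"User-Agent": "backup-dir-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except urllib.error.URLError:
        return 0


def find_exposed_backups(base_url: str, dirname: str,
                         fetch: Callable[[str], int] = http_status,
                         today: Optional[str] = None) -> list[tuple[str, int]]:
    """Return (url, status) for every candidate the server does not report as absent.

    200 means the backup directory (or an index inside it) is being served.
    403 means the path is recognised but access is refused; that still needs
    a follow-up on the filesystem, because a blocked copy is not a removed one.
    Only 404 and 410 (and an unreachable server, 0) are treated as "gone".
    """
    base = base_url.rstrip("/")
    hits = []
    for name in candidate_names(dirname, today=today):
        url = f"{base}/{name}/"
        status = fetch(url)
        if status not in (0, 404, 410):
            hits.append((url, status))
    return hits


if __name__ == "__main__":
    import sys
    # usage: python check_backup_dir.py https://www.example.com admin
    for hit_url, hit_status in find_exposed_backups(sys.argv[1], sys.argv[2]):
        print(f"{hit_status} {hit_url}")
```

Run it against the original directory name that the finding refers to (for `/admin/` pass `admin`). Once a deny rule such as the ones under Remediation is in place every candidate returns 403 or 404 whether or not the copy exists, so this probe confirms the block is effective but only a check on the server's filesystem confirms the backup was actually deleted.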
To prevent future occurrences, implement the following measures:
1. Configure web server access controls to deny access to common backup naming patterns. The regexes below match a path component ending in .bak, .backup, .old, .copy or .tmp, followed either by a slash (so files and subdirectories nested inside the backup directory are covered as well) or by the end of the path. Extend the alternation with the date-stamp suffixes your tooling actually produces. For Apache 2.4, add to the server or virtual host configuration (<DirectoryMatch> is not permitted in .htaccess; there, use <FilesMatch> or a RewriteRule instead):

    # Apache 2.4: refuse requests that resolve into a directory with a backup suffix.
    # The directory path is matched, so nested content under e.g. /var/www/site.bak/ is covered.
    <DirectoryMatch "\.(bak|backup|old|copy|tmp)(/|$)">
        Require all denied
    </DirectoryMatch>

Note that "Require all denied" answers 403, which tells a requester that the path exists; if you prefer to hide it, return 404 from a RewriteRule instead.

For Nginx, add to your server block:

    # Nginx: answer 404 for any URI containing a backup-suffixed path component.
    # "return" runs in the rewrite phase, before access-phase directives such as
    # "deny all", so a deny in this location would never be reached; 404 also
    # avoids confirming that the directory exists.
    location ~ \.(bak|backup|old|copy|tmp)(/|$) {
        return 404;
    }

2. Establish organizational policies that prohibit storing backups in production web directories. Require backups to be stored in non-web-accessible locations or external backup systems.
3. Implement automated monitoring to detect and alert on the presence of backup files or directories in web-accessible paths during deployment processes.
4. Use version control systems (such as Git) instead of manual file backups to track changes and maintain code history securely.
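The deployment-time check in step 3 can be a small script that runs in CI or as a pre-deploy hook and fails the deployment when the document root contains backup-pattern names. The following is an added example, not part of the original finding or of any particular product; the suffix list, the date-stamp formats and the editor-backup rule (names ending in `~`) are assumptions to be adjusted to your environment. It deliberately mirrors the regexes used in the web server rules in step 1 so that the two controls agree on what counts as a backup.

```python
"""Pre-deployment check: flag backup-pattern files and directories under a docroot.

Added example for the monitoring step above; not part of the original finding.
The suffixes, date formats and the trailing-"~" rule are assumptions; extend
them to match what your own tooling produces.
"""
from __future__ import annotations

import os
import re
import sys
from typing import Iterable

# One path component that looks like a backup: name.bak, name_backup,
# name-2024-01-02, name.20240102, or an editor backup such as config.php~.
BACKUP_COMPONENT = re.compile(
    r"^.+?(?:"
    r"[._-](?:bak|backup|old|copy|tmp|orig)"   # conventional suffixes
    r"|[._-]\d{8}"                              # 20240102
    r"|[._-]\d{4}-\d{2}-\d{2}"                  # 2024-01-02
    r"|~"                                       # editor backup file
    r")$",
    re.IGNORECASE,
)


def backup_component(rel_path: str) -> str | None:
    """Return the first component of rel_path that matches a backup pattern, else None.

    Checking every component means 'site.bak/index.php' is flagged because of
    'site.bak', not only because of its own file name.
    """
    for part in rel_path.replace("\\", "/").split("/"):
        if part and BACKUP_COMPONENT.match(part):
            return part
    return None


def flag_backup_paths(rel_paths: Iterable[str]) -> list[tuple[str, str]]:
    """Return (path, offending_component) for every path that sits under a backup name.

    Works on any list of relative paths, e.g. the output of `git ls-files`
    or a release manifest, so it can run before anything touches a server.
    """
    return [(p, c) for p in rel_paths if (c := backup_component(p))]


def scan_docroot(root: str) -> list[tuple[str, str]]:
    """Walk a deployed document root and flag backup-pattern entries.

    A matching directory is reported once and not descended into, so a copied
    tree produces one finding rather than one per file inside it.
    """
    found: list[tuple[str, str]] = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        rel_dir = "" if rel_dir == "." else rel_dir
        for name in list(dirnames):
            if BACKUP_COMPONENT.match(name):
                found.append((os.path.join(rel_dir, name), name))
                dirnames.remove(name)          # prune: do not walk into the backup
        for name in filenames:
            if BACKUP_COMPONENT.match(name):
                found.append((os.path.join(rel_dir, name), name))
    return found


if __name__ == "__main__":
    # usage: python check_docroot.py /var/www/html   (exit status 1 blocks the deploy)
    docroot = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = scan_docroot(docroot)
    for path, component in hits:
        print(f"backup-pattern path: {path}  (matched '{component}')")
    sys.exit(1 if hits else 0)
```

Run `scan_docroot` against the deployed document root after each release, or `flag_backup_paths` against the file list of the release artifact before it ships; a non-zero exit status is what the pipeline should treat as a failed deployment. Keep the suffix list in this script and in the web server rules in sync, otherwise a name that one control ignores can slip past the other.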