Reporter needs Computer Tekkie to find hidden files on website

Please contact me privately ASAP if you know how to find hidden files on a website. I'm investigating a Republican with a shady past who has altered a website to appear under construction, however a tipster advised me that if you know file name extensions and list the whole thing, hidden files come up. He provided an example as proof. This could be big, big news.

I need to know how to find out what else is there that they're hiding from prying eyes.

and what are google past files?

edit: I'm guessing that google past files is like the waybackmachine? like archive.org?

I don't consider it hacking to type in a URL - is it? Is that hacking?

This is not a government site, it's a .com. It belongs to an organization that HAS broken laws in the past big-time. I suspect they may be up to the old tricks, and hiding activities in hidden files.

I already tried the wayback machine, but will check google past, too.

just use ftp. Of course you cannot download, open or change the files.

I appreciate your zeal, but honestly doubt if you will find what you are looking for. If this org is storing it's secret files on a web server it's pretty stupid, isn't it?

If the files are linked to something, then you can find them through google, but if they are just sitting on a server you will need to do something illegal to get to them. Anyhow, it takes about 2 seconds to delete files from your server. Is this org stupid enough to keep incriminating stuff sitting out in public?

a criminal organization as his official contact for the Registrar of Voters when he ran for office. He's not the brightest bulb.

Strider, huh?

"Hacking" is not "hacking" because the word doesn't have a pure meaning. It's not illegal to be a "hacker." It's illegal to break security schemes and thus "trespass" into areas of a server for which reasonable security measures have been put into place to keep you out. There's a gray area when it comes to exploiting security holes, but that's where the word "reasonable" comes into play from a legal standpoint.

There's a thing called "Google hacking," which uses the word in a more traditional sense without the overtones of illegality. One can utilize Google's features (inurl:, filetype:, etc.) to find files that aren't displayed but are still on open servers. The worst that generally happens when people do this is that the owner of the server complains to google -- which will sometimes disable a feature or change its database so that the supposedly secured files don't show up in searches -- or figures out this is happening on their own and takes measures to stop it at the source, i.e. by adding actual security or removing the files they don't want others to see.

The problem would arise if you start trying to get at files in locked down folders with security implemented you'd have to find a way to bypass. Bypassing that security could land you in gitmo.

But, if I put a file on a web server and don't control access to it, it's open to anyone who can find it. That's how the Internet works. I can't claim "well, I didn't mean for anyone to be able to see my foo.html page" or "I didn't link to the imanidiot.doc file, so no one should have downloaded it." Or, I can't rename index.html to dontlookatthis.htm and claim injury if I leave that file on an open server and someone happens to think to try loading a file with that name.

Some people think that if you don't put a link to a file on an html formatted page, no one can get the file, and I think that's what the person here is trying to find, i.e. did the individual simply change the html so that the incriminating document wasn't seen but fail to remove the file(s) altogether.

Frankly, I doubt someone aware of incriminating evidence that went to the extent of removing it from view would fail to remove it entirely, but there are stupid people in the world.

"Hacking" is deliberately bypassing security, like picking a lock.

Typing in URLs that lead to files on a server that are not protected, imho, is *not* hacking.

It's more a mindset of wanting to know how things work, what is where and why.

In the "good old days" of hacking, people looked at a little of everything and the intent was not to steal, but to figure out how things worked, why they worked that way and what happened if you did *this* to it. A hacker was someone who "hacked around" in systems to see how they worked and why.

The evil-doer in question probably knows what a honeypot is.

http://en.wikipedia.org/wiki/Honeypot (computing)

Good guys and bad guys both use them.

I'm not meaning to spread FUD here, but speaking from experience the blatant gaming around the Diebold issue was intensely irritating to me, and in the end this problem only reached a somewhat decent resolution here in California when Secretary of State Debra Bowen came out and started smacking people around. Then the minor gamers scattered into the woodwork like mice, and people like Bev Harris retreated into the slime to funnel their ill-gotten gains into personal bank accounts.