Hi all:

I restricted access to my Internet folder, e.g.

http://www.my-domain/my_folder/my_sub_folder/

so that access is denied for anybody (403 Forbidden message).

If I provide someone with a direct link to one of the folder's files, it is possible to access it from anywhere on the Internet, e.g.

http://www.my-domain/my_folder/my_sub_folder/a_file.pdf

Is there a possibility that somebody got a list of my files/the folder's contents?
I think that just happened ... how was that possible?
Somebody must have tried all combinations for possible file names! Or is there another way that I overlooked?

Best regards,
Simon

Edit: if the link to the file can be found by Google, then there must be a reference to the file's address somewhere else on the Internet, right? Is there a chance to find that link? (Just out of curiosity, I limited the access to my files in the meantime.)

+1  A: 

There are several low-probability avenues:

  1. You sent the filename to somebody, and somebody else was looking over his/her shoulder.
  2. Somebody is sniffing traffic on your ethernet segment, or the recipient's segment in item 1 above.
  3. You have a keylogger or other spyware installed on your system (very low probability).
  4. The filename was really obvious and someone guessed it.

Security by obscurity (i.e. nobody knows it's there, so it's safe) is well known to be almost worthless. If you really want security, enable SSL and set up password protection.

Jim Garrison
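
An added example, not part of the original question or answer: the web server's access log can usually show whether a file under the protected folder was reached by name guessing, through a link published elsewhere, or by someone who already had the URL. The sketch assumes the common "combined" log format; the `analyse` function, its threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the server writes the "combined" access log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, made-up names and dates).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2010:10:00:01 +0000] "GET /my_folder/my_sub_folder/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2010:10:00:02 +0000] "GET /my_folder/my_sub_folder/report.pdf HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2010:10:00:02 +0000] "GET /my_folder/my_sub_folder/document.pdf HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2010:10:00:03 +0000] "GET /my_folder/my_sub_folder/file.pdf HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2010:10:00:03 +0000] "GET /my_folder/my_sub_folder/a_file.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [11/Mar/2010:08:15:44 +0000] "GET /my_folder/my_sub_folder/a_file.pdf HTTP/1.1" 200 5120 "http://forum.example/thread/42" "Mozilla/5.0"
192.0.2.5 - - [12/Mar/2010:17:30:09 +0000] "GET /my_folder/my_sub_folder/a_file.pdf HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def analyse(log_text, folder, guess_threshold=3):
    """Classify each successful file download under `folder` by how it was found."""
    misses = defaultdict(set)  # client IP -> distinct paths that returned 404
    hits = []                  # (ip, path, referer) for files actually served
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not m["path"].startswith(folder):
            continue
        if m["status"] == "404":
            misses[m["ip"]].add(m["path"])
        elif m["status"] in ("200", "206") and m["path"] != folder:
            hits.append((m["ip"], m["path"], m["referer"]))
    # Many different non-existent names from one client suggests guessing.
    guessers = {ip for ip, paths in misses.items() if len(paths) >= guess_threshold}
    report = []
    for ip, path, referer in hits:
        if ip in guessers:
            how = "guessed after 404 probing"
        elif referer not in ("", "-"):
            how = "linked from " + referer  # the page that published the URL
        else:
            how = "direct request, no referer"  # URL already known, or referer suppressed
        report.append((ip, path, how))
    return report

if __name__ == "__main__":
    for row in analyse(SAMPLE_LOG, "/my_folder/my_sub_folder/"):
        print(*row, sep="  ")
```

A Referer value on a successful request is the quickest way to find the page that published the link; a request with no Referer only shows that the client already had the URL.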