As system administration has matured and information technology has come along over the past decade or so we've learned many things which appear to go in one ear and then out the other. Most of these deal with secure systems design, and basically how to keep from making yourself an easy target for hackers.
With that glowing in the back of my mind like a energy-saving lightbulb I went on a hunt for things that should not be available on the web.
First off, I think I've had this debate with people so many times it hurt my brain - but administrative interfaces to applications, appliances, or widgets simply shouldn't be available to the general web-based casual viewer. Worse yet, it should definitely *not* be index-able with a search engine.
With that in mind, I decided to give Google a chance to see how many people still allow open, administrator pages on the 'net. Granted, sometimes you just can't help this, right... but if I can index your admin page, and your authentication mechanism isn't well-built... it's only a matter of time before I pwn you. Check it out for yourself, go to Google, and use this search term "inurl:"admin" intext:administrator login" and see what you get. Scarry, huh? How many of these systems that you find do you think you can grind away at until you guess a password via brute-force?
Common boys and girls... you should *not* put an admin interface on the general net, that's what we have VPNs for, and management networks. *sigh*.