
How to remediate – Humans.txt File Detected

1. Introduction

A Humans.txt file has been detected on your system. Humans.txt is a text file websites can use to tell visitors about the people behind the site. While not directly exploitable, its presence reveals information about individuals involved in website development and maintenance, potentially aiding social engineering attacks or reconnaissance efforts. This poses a low impact risk to confidentiality.

2. Technical Explanation

The Humans.txt file is intentionally published by the website owner. It contains plain text details of people who worked on the site. An attacker can simply view this file via a web browser or automated scanning tools. There are no preconditions needed for exploitation other than public access to the website.

  • Root cause: Intentional publication of Humans.txt file containing personnel information.
  • Exploit mechanism: An attacker retrieves the contents of the Humans.txt file from a publicly accessible web server. This information can then be used for social engineering or reconnaissance.
  • Scope: Any website that publishes a Humans.txt file is affected.

3. Detection and Assessment

You can confirm if a system is vulnerable by checking for the presence of the Humans.txt file. A quick check involves browsing to the root directory of the web server, or using a web crawler.

  • Quick checks: Use a web browser to navigate to https://yourdomain.com/humans.txt. If the file exists, it will be displayed in the browser.
  • Scanning: Web vulnerability scanners may identify Humans.txt files as informational findings.
  • Logs and evidence: Web server access logs will show requests for humans.txt if accessed.
  • Command line: curl https://yourdomain.com/humans.txt

4. Solution / Remediation Steps

Remove the Humans.txt file from your web server to mitigate the risk of information disclosure. This is a straightforward process with minimal disruption.

4.1 Preparation

  • Backups are not typically needed for this remediation, as it involves deleting a static file. No services need to be stopped.
  • Dependencies: None. Roll back plan: Restore the Humans.txt file from backups if necessary (unlikely).
  • Change window needs: No specific change window is required. Approval is not usually needed.

4.2 Implementation

  1. Delete the Humans.txt file from the web server’s document root directory using your operating system’s file manager or command line interface.

4.3 Config or Code Example

There is no config or code example for this vulnerability, as it involves deleting a static file.

4.4 Security Practices Relevant to This Vulnerability

Data minimization and least privilege are relevant security practices. Reducing the amount of publicly available information limits potential attack vectors.

  • Practice 1: Data Minimization – Only publish essential data on public-facing websites.

4.5 Automation (Optional)

No automation is suitable for this vulnerability.

5. Verification / Validation

Confirm the fix by verifying that the Humans.txt file is no longer accessible via a web browser or command line tool.

  • Post-fix check: Use a web browser to navigate to https://yourdomain.com/humans.txt. You should receive a “404 Not Found” error.
  • Re-test: Re-run the quick check from Section 3; it should no longer display the file contents.
  • Monitoring: Monitor web server access logs for any unexpected requests to humans.txt, which could indicate an attempt to access the deleted file.
  • Command line: running curl https://yourdomain.com/humans.txt should return a 404 error.
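
The access-log monitoring described above can be scripted. The following Python sketch is an added example, not part of the original article: it assumes access logs in the common/combined log format, and the function names and sample log lines are constructed for illustration. It reports every request for humans.txt by status code and lists those that were still served.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Common/combined log format (assumed):
# host ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Statuses that mean the file still exists on the server.
SERVED = {200, 206, 304}

def humans_txt_requests(lines):
    """Yield (host, time, status) for each request whose path is /humans.txt."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-request lines
        path = urlsplit(m["target"]).path  # drops any query string
        # Case-insensitive: some servers and filesystems ignore case.
        if path.lower() == "/humans.txt":
            yield m["host"], m["time"], int(m["status"])

def summarize(lines):
    """Count statuses and list requests answered with the file's contents."""
    hits = list(humans_txt_requests(lines))
    return {
        "by_status": dict(Counter(s for _, _, s in hits)),
        "still_served": [(h, t) for h, t, s in hits if s in SERVED],
    }

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Dec/2025:10:00:01 +0000] "GET /humans.txt HTTP/1.1" 200 312 "-" "curl/8.5.0"',
    '192.0.2.10 - - [27/Dec/2025:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Dec/2025:11:00:00 +0000] "GET /Humans.txt?v=2 HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Dec/2025:11:00:05 +0000] "HEAD /humans.txt HTTP/1.1" 404 0 "-" "scanner"',
    'malformed line without a request',
    '203.0.113.5 - - [27/Dec/2025:12:00:00 +0000] "GET /static/humans.txt.bak HTTP/1.1" 404 153 "-" "-"',
]

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("Requests by status:", report["by_status"])
    for host, when in report["still_served"]:
        print(f"humans.txt was served to {host} at {when}")
```

After remediation, any entry under "still_served" with a timestamp later than the deletion indicates the file is back or a second copy exists.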

6. Preventive Measures and Monitoring

  • Baselines: Update your security baseline to include a check for the presence of sensitive files on web servers.

7. Risks, Side Effects, and Roll Back

Deleting the Humans.txt file has minimal risk or side effects. The primary risk is that some website owners may intentionally publish this file for attribution purposes.

  • Risk or side effect 1: Removal of intentional attribution information. Mitigation: Document the reason for removal and consider alternative methods of attribution.
  • Roll back: Restore the Humans.txt file from a backup if necessary.

8. References and Resources

Resources related to the Humans.txt standard are provided below.

  • Vendor advisory or bulletin: N/A
  • NVD or CVE entry: N/A
  • Product or platform documentation relevant to the fix: https://humanstxt.org/
Updated on December 27, 2025
