Why does "Backup archives publicly reachable" appear in ExposureGrid?

Scanners observe externally visible signals. A finding means our rules matched - validate severity and applicability in your environment.

Could this be a false positive?

Yes, depending on context and coverage limits. Especially for heuristic, partial, or pattern-based checks, corroborate with manual review.

Re-run a scan to confirm the external signal changed, then enable monitoring where your plan supports it.

Backup archives publicly reachable: what it means, why it may matter, and how to remediate with external verification using ExposureGrid.

Backup archives publicly reachable: Publicly reachable files or paths may leak configuration, backups, or operational details.

Signals are not confirmed breaches - validate whether content truly exposes secrets before assuming compromise.

Review web root publishing, deny sensitive paths at edge/WAF, search builds for stray artifacts.

Remove artifacts from public roots, block dotfiles, disable directory listing, rotate secrets if exposure is plausible, harden CI/CD outputs.

Run a scan to verify this fix on your domain

Use the same public scanner as the homepage — results honor your plan tier.

ExposureGrid performs safe, bounded path probes on entitled scans without downloading large sensitive payloads.

Why does "Backup archives publicly reachable" appear in ExposureGrid?: Scanners observe externally visible signals. A finding means our rules matched - validate severity and applicability in your environment.
Could this be a false positive?: Yes, depending on context and coverage limits. Especially for heuristic, partial, or pattern-based checks, corroborate with manual review.
What should I do after changing configuration?: Re-run a scan to confirm the external signal changed, then enable monitoring where your plan supports it.

ExposureGrid continuously monitors these issues and alerts you before they become exploitable.

Run a private scan

Compare plans