Sloppy (Accidental Source Code) Deployment
All the of the software that I'm in charge of has its source code stored in Vault (from SourceGear.com). One of the nice features of vault are the shadow copies of files that before they get to/from the client. These are stored in (an automatically created) _sgbak folder. I just noticed that I had over 10,000 files in this _sgbak folder, and went to clean them out. First I was going to just wack the whole directory, but then I thought there might be some files of use, so my second inclination was to delete all files over 60 days, which is the majority of them.
Then my third thought (these all happened in about 2 seconds) was to do a quick online search to see if there was any advice or horror stories about removing these files. So naturally I did a search for the term "_sgbak".
I'm glad that first there is nothing that talks about any harm in deleting these files. But I also noticed that there are a ton of sites online that have these files published.
These files should never be published, because the files themselves are text files that would probably be exposing something you didn't intend to.
I can see how it would be easy to accidentally deploy these files for an ASP.NET application with an easy to do, incorrect drag/drop operation in an FTP client.
Hey Accidents happen -- Do your self a favor and check your production application for any _sgbak folders, and if you find them delete them.
UPDATE {5 Minutes after original post} ....
I just wrote this blog post a few minutes ago, and I thought I'd follow my own advice and do a server scan for _sgbak files. After all, accidents happen. Sure enough, I'm guilty. I am. I found two _sgbak folders on my production server. One was for a set of skins, and one was with a directory of email text file templates. No source code exposed, but still I never intended to deploy these files.
If you use source control, that keeps shadow copies, CHECK YOUR SERVER, I bet you'll be surprised at what you find.