Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
----- Original Message ----- From: "Greg Rundlett" <greg at freephile.com> ... > *The tools they used* > Google -helps script kiddies find my exploitable file phpexplorer. I > didn't put this script on my server, and I don't know how Google found > it. All I can tell you from my server logs is that people are searching > for this script and my site comes at the top of the list. ... FWIW - If any of the little crackers had Google toolbar installed (in Advanced mode), I have noticed that Google hits the site right behind the user. It sorta takes that whole issue about tracking user information to the next level. While reviewing logs, I also noticed that Google seems to use the credentials of the user logged into the website to search more effectively. I wasn't too thrilled to see that I had logged in from a Google IP and accessed 250+ page views on my site -- a large chunk of them meant to be internal or private (and are secured appropriately). This was happening in almost real-time. Now this may just be a fluke, possibly a side-effect of having being an adwords publisher but the spider was definitely not paying any attention to my robots.txt file. Here's an example of a new user that hit the site for the first time last night - I know he uses the Google toobar:(lines will wrap) h00111a508b2c.ne.client2.attbi.com - - [08/Aug/2004:07:44:59 -0400] "GET /modules.php?name=Your_Account&op=activate&username=USER&ch eck_num=35b711e1be9069719048dffa5b3 HTTP/1.1" 200 19012 64.233.173.134 - - [08/Aug/2004:07:45:03 -0400] "GET /modules.php?name=Your_Account&op=activate&username=USER&check_num=35b711e1be9 0 69719048dffa5b3 HTTP/1.1" 200 19012 h00111a508b2c.ne.client2.attbi.com - - [08/Aug/2004:07:45:35 -0400] "GET /modules.php?name=Forums&file=viewforum&f= HTTP/1.1" 200 40731 64.233.173.134 - - [08/Aug/2004:07:45:36 -0400] "GET /modules.php?name=Forums&file=viewforum&f=7 HTTP/1.1" 200 41999 Anyone else see a pattern here? --Tim
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |