You are not logged in.

#1 2009-01-26 18:16:49

QuimaxW
Member
From: Papua New Guinea
Registered: 2006-12-03
Posts: 228
Website

Mythweb...beware the googlebot

Yea. It deleted all of my recordings on my mythtv server.

66.249.73.204 - - [25/Jan/2009:16:02:57 -0600] "GET /mythweb/tv/recorded?delete=yes&chanid=2491&starttime=1232571600 HTTP/1.1" 302 1 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

I know, my bad for not securing it. I have a dyndns account for my server at home. Until just now I had the site in my profile here, which is where I think google picked it up. I didn't have any links to it, and I wasn't worried about people finding it. Never thought about google bot finding it.

It 'clicked' on every delete recording link and deleted every recording on my server. From the logs, it also found my music & video files. In the process of clicking on links, it also managed to basically hose my mythconverg database for the scheduled recordings. I'm planning on just replacing the database with the blank stock database and starting over.

I'd only been playing with it, and hadn't gotten around to securing it yet, totally forgetting that it was accessable from the public internet.

Boo-hoo me. I know better, especially now. Just thought I'd throw a warning out there for anyone else wondering why in the world they would secure their mythweb install.


"He is no fool who gives what he cannot keep to gain that which he cannot lose." -Jim Elliot

Offline

#2 2009-01-26 18:18:24

X/ax
Member
From: Oost vlaanderen, Belgium
Registered: 2008-01-13
Posts: 275
Website

Re: Mythweb...beware the googlebot

Just so you know, google is probably not even near the person who opened that link.
One probably used the googlebot user agent instead. Sounds a lot more likely...


My coding blog (or an attempt at it)
Archer start page (or an attempt at it)

Offline

#3 2009-01-26 22:11:54

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: Mythweb...beware the googlebot

I'd be thinking it was Google:

$ host 66.249.73.204
204.73.249.66.in-addr.arpa domain name pointer crawl-66-249-73-204.googlebot.com.

Offline

#4 2009-01-26 22:55:12

QuimaxW
Member
From: Papua New Guinea
Registered: 2006-12-03
Posts: 228
Website

Re: Mythweb...beware the googlebot

I think it was google as the host lookup goes back to google server. Also, if I 'google' my host name on google, I do have cached results that appear.

It's actually a little frightening.


"He is no fool who gives what he cannot keep to gain that which he cannot lose." -Jim Elliot

Offline

#5 2009-01-26 23:29:39

userlander
Member
Registered: 2008-08-23
Posts: 413

Re: Mythweb...beware the googlebot

wow, if that's true, time to tweak the robots.txt :eek:

Offline

#6 2009-01-27 00:03:27

Ruckus
Member
Registered: 2007-02-17
Posts: 204

Re: Mythweb...beware the googlebot

More like just protect it with a user/password with .htaccess or w/e.

Offline

#7 2009-01-27 04:14:58

QuimaxW
Member
From: Papua New Guinea
Registered: 2006-12-03
Posts: 228
Website

Re: Mythweb...beware the googlebot

Which, ironically, was my next task to accomplish...just hadn't gotten there.

It will be user/password protected before it sees the light of the public side again.


"He is no fool who gives what he cannot keep to gain that which he cannot lose." -Jim Elliot

Offline

#8 2009-01-27 05:11:17

Ranguvar
Member
Registered: 2008-08-12
Posts: 2,545

Re: Mythweb...beware the googlebot

That's AMAZING xD

Bookmarked... might submit to Digg, too big_smile

Thanks for the lulz.

Offline

Board footer

Powered by FluxBB