Re: check for yourself (((;
Exactly... and on that note: http://www.whitehouse.gov/robots.txt

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/django-users
-~--~~~~--~~--~--~---
Re: check for yourself (((;
Some php projects had to cope with that. I can remember phpbb:
http://isc.sans.org/diary.php?date=2004-12-21
But many other projects suffered from this.

> is there enough advantage to be had by
> parsing the HTML response of a google search, that malware writers
> would bother to write that, rather than just trying IPs at random?

Well attacking at random means very low infection rate per attack.
Using google they are almost certain to hit a vulnerable app for every attack.
Re: check for yourself (((;
Seems to me that robots.txt is the first place I'd look if I was looking to cause some trouble. :)

Jay

Ian Clelland wrote:
> I always
> assumed that all they would do is connect over port 80, and try to
> retrieve something like /admin/, or another platform-specific resource
> over http, and there's not much that excluding the URL through
> /robots.txt is going to do to stop that.
Re: Re: check for yourself (((;
On 8/18/06, Ian Clelland <[EMAIL PROTECTED]> wrote:
> I'm actually curious though -- is there enough advantage to be had by
> parsing the HTML response of a google search, that malware writers
> would bother to write that, rather than just trying IPs at random?

Yup. The 'Santy' worm[1] (which used Google to locate vulnerable phpBB
installations) is one example.

[1] http://www.f-secure.com/v-descs/santy_a.shtml

--
"May the forces of evil become confused on the way to your house."
  -- George Carlin
Re: check for yourself (((;
On 18/08/2006, at 4:39 PM, Ian Clelland wrote:
>
> On 8/17/06, Ian Holsman <[EMAIL PROTECTED]> wrote:
>> this is how various worms spread in the past. they did a google
>> search for a specific 'feature'
>> and then with a known vulnerability in hand, they would attack that
>> site, put their worm on it, and repeat.
>
> Ian,
>
> Do you know of worms that would actually try to leverage a web service
> such as google, and interpret the results of that search?

http://www.viruslist.com/en/viruses/encyclopedia?virusid=68388

> I always
> assumed that all they would do is connect over port 80, and try to
> retrieve something like /admin/, or another platform-specific resource
> over http, and there's not much that excluding the URL through
> /robots.txt is going to do to stop that.

some did do that, but that isn't very efficient, and gets noticed quickly.

> I'm actually curious though -- is there enough advantage to be had by
> parsing the HTML response of a google search, that malware writers
> would bother to write that, rather than just trying IPs at random?
>
> Getting more off-topic by the minute,
> Ian Clelland
> <[EMAIL PROTECTED]>

--
Ian Holsman
[EMAIL PROTECTED]
http://car-chatter.com/ where car fanatics meet
Re: check for yourself (((;
On 8/17/06, Ian Holsman <[EMAIL PROTECTED]> wrote:
> this is how various worms spread in the past. they did a google
> search for a specific 'feature'
> and then with a known vulnerability in hand, they would attack that
> site, put their worm on it, and repeat.

Ian,

Do you know of worms that would actually try to leverage a web service
such as google, and interpret the results of that search? I always
assumed that all they would do is connect over port 80, and try to
retrieve something like /admin/, or another platform-specific resource
over http, and there's not much that excluding the URL through
/robots.txt is going to do to stop that.

I'm actually curious though -- is there enough advantage to be had by
parsing the HTML response of a google search, that malware writers
would bother to write that, rather than just trying IPs at random?

Getting more off-topic by the minute,
Ian Clelland
<[EMAIL PROTECTED]>
Re: check for yourself (((;
On 8/17/06, Adrian Holovaty <[EMAIL PROTECTED]> wrote:
> You're right -- it doesn't really matter. This was just a small change
> to hide the pages from bots, because there's really no value in Google
> indexing the admin login screens. (Other than the coolness factor of
> being able to do one of those searches and see all the cool sites
> running Django. Woo hoo! :-) )

Indeed, woo hoo! :-) That is cool.

(And I didn't have a problem with the robots meta tag. Doesn't hurt
anything. Just curious if I really should be worried about something.)

Cheers,
deryck

--
Deryck Hodge http://www.devurandom.org/
Web Developer, Naples News http://www.naplesnews.com/
Samba Team http://www.samba.org/
Re: check for yourself (((;
On 18/08/2006, at 12:56 PM, Deryck Hodge wrote:
>
> I know I'm missing something obvious, but why is this a problem? It's
> not like the default, well-documented admin location isn't /admin/ on
> a Django site. I'm not trying to be a smart aleck or critical. I'm
> really curious what I'm missing. Why does it matter that a search
> engine knows where the admin page is?

while *you* might know just by looking at a site that it is written in
django, bots might not.

let's say there was a security problem in django where it didn't handle
a specific HTTP request (say SQL injection for example). using these
searches I can get a list of sites I could potentially own.

this is how various worms spread in the past. they did a google search
for a specific 'feature' and then with a known vulnerability in hand,
they would attack that site, put their worm on it, and repeat.

that is one example on why it could be bad. there are others I could
think of but I'm not going to mention them.

> Cheers,
> deryck
>
> --
> Deryck Hodge http://www.devurandom.org/
> Web Developer, Naples News http://www.naplesnews.com/
> Samba Team http://www.samba.org/

--
Ian Holsman
[EMAIL PROTECTED]
http://VC-chat.com It's what the VC's talk about
Re: check for yourself (((;
On 8/17/06, Deryck Hodge <[EMAIL PROTECTED]> wrote:
> I know I'm missing something obvious, but why is this a problem? It's
> not like the default, well-documented admin location isn't /admin/ on
> a Django site. I'm not trying to be a smart aleck or critical. I'm
> really curious what I'm missing. Why does it matter that a search
> engine knows where the admin page is?

You're right -- it doesn't really matter. This was just a small change
to hide the pages from bots, because there's really no value in Google
indexing the admin login screens. (Other than the coolness factor of
being able to do one of those searches and see all the cool sites
running Django. Woo hoo! :-) )

Adrian

--
Adrian Holovaty
holovaty.com | djangoproject.com
Re: check for yourself (((;
On 8/17/06, Adrian Holovaty <[EMAIL PROTECTED]> wrote:
>
> On 8/17/06, Ian Holsman <[EMAIL PROTECTED]> wrote:
> > actually we can help there as well by putting in a
> > in the default
> > admin base_site.html file.
>
> That's a great idea -- I've taken care of that in changeset 3600.

An FYI and related question...

Googlebot only follows referring links. If these sites had their admin
site indexed, it was because they linked to it. A quick check on some
of the hits with

    site:SITE-FROM-RESULTS inanchor:admin | intext:admin

seems to find the offending pages from the sites. A few just link to
their admin page, some have error pages with tracebacks. So be very
careful about links or errors if you're concerned about this.

Which brings me to my question...

I know I'm missing something obvious, but why is this a problem? It's
not like the default, well-documented admin location isn't /admin/ on
a Django site. I'm not trying to be a smart aleck or critical. I'm
really curious what I'm missing. Why does it matter that a search
engine knows where the admin page is?

Cheers,
deryck

--
Deryck Hodge http://www.devurandom.org/
Web Developer, Naples News http://www.naplesnews.com/
Samba Team http://www.samba.org/
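Deryck's point is that the crawler only reaches the admin because a page on the site links to it, or because a debug error page leaks the path. The check below is an added example (written for this thread, not code from Django or from anyone in it) that audits a page's HTML the way a defender would after that message: does it carry a robots meta tag that keeps it out of the index, does it link under the admin prefix, and does it embed a Python traceback. It uses only the standard library. The `/admin/` default and the `admin_prefix` parameter (for sites that move the admin, as Ian Holsman mentions) are assumptions of the example, the `noindex,nofollow` directives are this example's choice rather than whatever changeset 3600 added, and the three sample pages are constructed.

```python
# Added example: audit one HTML page for what a search crawler would learn
# from it. Not the project's code; everything here is illustrative.
from html.parser import HTMLParser

# Header every Python traceback starts with; a debug error page that
# embeds the raw traceback contains this text.
TRACEBACK_MARKER = "Traceback (most recent call last)"


class _PageAudit(HTMLParser):
    """Collect the robots meta directives, admin links and page text."""

    def __init__(self, admin_prefix):
        super().__init__()
        self.admin_prefix = admin_prefix
        self.robots_content = None
        self.admin_links = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and attrs.get("name", "").lower() == "robots":
            self.robots_content = attrs.get("content", "")
        elif tag == "a" and attrs.get("href", "").startswith(self.admin_prefix):
            # A referring link is what lets Googlebot discover the admin.
            self.admin_links.append(attrs["href"])

    def handle_data(self, data):
        self.text.append(data)


def audit_page(html, admin_prefix="/admin/"):
    """Return what this page exposes to a crawler.

    admin_prefix is an assumption: "/admin/" is Django's documented default,
    but pass whatever path the site actually mounts the admin on.
    """
    parser = _PageAudit(admin_prefix)
    parser.feed(html)
    parser.close()
    directives = {d.strip().lower() for d in (parser.robots_content or "").split(",")}
    return {
        # "noindex" keeps the page out of results; "none" implies it.
        "noindex": bool(directives & {"noindex", "none"}),
        "admin_links": parser.admin_links,
        "leaks_traceback": TRACEBACK_MARKER in "".join(parser.text),
    }


# Constructed sample pages (not captured from any real site).
LOGIN_PAGE = """<html><head><title>Log in | Django site admin</title>
<meta name="robots" content="noindex,nofollow"></head>
<body><form action="/admin/" method="post">...</form></body></html>"""

HOME_PAGE = """<html><head><title>My blog</title></head>
<body><a href="/">Home</a> <a href="/admin/">Site admin</a></body></html>"""

ERROR_PAGE = """<html><head><title>ValueError at /blog/</title></head>
<body><pre>Traceback (most recent call last):
  File "views.py", line 12, in post_detail
ValueError: bad slug</pre></body></html>"""

if __name__ == "__main__":
    for name, page in [("login", LOGIN_PAGE), ("home", HOME_PAGE), ("error", ERROR_PAGE)]:
        print(name, audit_page(page))
```

Run it over your own rendered pages (the home page, the 404 and 500 pages, anything a crawler can reach): a login page with `noindex` is fine, a public page with an entry in `admin_links` is the "just link to their admin page" case, and `leaks_traceback` on an error page is the "error pages with tracebacks" case, which means debug output is reaching visitors and should be turned off in production.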
Re: check for yourself (((;
On 8/17/06, Ian Holsman <[EMAIL PROTECTED]> wrote:
> actually we can help there as well by putting in a
> in the default
> admin base_site.html file.

That's a great idea -- I've taken care of that in changeset 3600.

Adrian

--
Adrian Holovaty
holovaty.com | djangoproject.com
Re: check for yourself (((;
actually we can help there as well by putting in a
in the default admin base_site.html file.

/me goes to switch URL paths to make it a bit less obvious on his sites

On 18/08/2006, at 5:12 AM, James Bennett wrote:
>
> On 8/17/06, wiz <[EMAIL PROTECTED]> wrote:
>> http://www.google.com/search?hl=en==Django+administration
>> +Admin+Log+in+Username+Password=Search
>
> And... that just tells us that people need to have their robots.txt
> disallow '/admin/' (or wherever they choose to have their admin app
> live). I would *hope* that web developers know this, and know how to
> do this already...
>
> --
> "May the forces of evil become confused on the way to your house."
>   -- George Carlin

--
Ian Holsman
[EMAIL PROTECTED]
http://zyons.com/ build a Community with Django
Re: Re: check for yourself (((;
On 8/17/06, James Bennett <[EMAIL PROTECTED]> wrote:
> On 8/17/06, wiz <[EMAIL PROTECTED]> wrote:
> > http://www.google.com/search?hl=en==Django+administration+Admin+Log+in+Username+Password=Search

Incidentally, using Google's 'allintitle' keyword gives better results:
http://www.google.com/search?hl=en=_qdr=all=allintitle%3A+Log+in+%7C+Django+site+admin=Search

--
"May the forces of evil become confused on the way to your house."
  -- George Carlin
Re: check for yourself (((;
On 8/17/06, wiz <[EMAIL PROTECTED]> wrote:
> http://www.google.com/search?hl=en==Django+administration+Admin+Log+in+Username+Password=Search

And... that just tells us that people need to have their robots.txt
disallow '/admin/' (or wherever they choose to have their admin app
live). I would *hope* that web developers know this, and know how to
do this already...

--
"May the forces of evil become confused on the way to your house."
  -- George Carlin
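James's advice is a robots.txt rule, and the quickest way to confirm a site actually has it is to ask the same question a well-behaved crawler asks. The function below is an added example for this thread (not Django's code, not anyone's from the list) that feeds a robots.txt to the standard library's `urllib.robotparser` and reports which of a set of sensitive paths a given user agent is still allowed to fetch. The two robots.txt texts are constructed, `Googlebot` is the agent Deryck names, `/admin/` is the default Django admin path, and `/manage/` stands in for a relocated admin ("wherever they choose to have their admin app live") and is an assumption of the example.

```python
# Added example: verify a robots.txt against the advice in the thread.
# Not project code; the robots.txt texts below are constructed.
from urllib.robotparser import RobotFileParser

# Constructed: a site that never added the admin to its robots.txt.
ROBOTS_MISSING_ADMIN = """\
User-agent: *
Disallow: /private/
"""

# Constructed: the rule James describes, covering the admin at the
# default path and at an assumed relocated path.
ROBOTS_WITH_ADMIN = """\
User-agent: *
Disallow: /admin/
Disallow: /manage/
"""

# Paths worth checking: the admin root, a page under it, the assumed
# relocated admin, and "/" as a control that must stay crawlable.
ADMIN_PATHS = ["/admin/", "/admin/login/", "/manage/", "/"]


def crawlable_paths(robots_txt, paths, agent="Googlebot"):
    """Return the subset of `paths` that `agent` may fetch under robots_txt.

    RobotFileParser.parse() takes the file as a list of lines; can_fetch()
    applies the longest-prefix Disallow rules exactly as a compliant
    crawler would. An empty robots.txt allows everything.
    """
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [p for p in paths if parser.can_fetch(agent, p)]


if __name__ == "__main__":
    print("missing admin rule:", crawlable_paths(ROBOTS_MISSING_ADMIN, ADMIN_PATHS))
    print("with admin rule:   ", crawlable_paths(ROBOTS_WITH_ADMIN, ADMIN_PATHS))
```

Two caveats the thread itself raises apply to the result. A robots.txt rule only governs crawlers that honour it, so it keeps the login page out of search results but does nothing against a client that requests `/admin/` directly (Ian Clelland's point), and the Disallow line itself announces the path to anyone who reads the file (Jay's point). Treat a clean result here as "not discoverable through search", not as access control; the admin still needs strong credentials and a patched Django behind it.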