HR Geeks


Hampton Roads Geek community

Googlebot deleted my website

So due to some really bad coding on our part, googlebot managed to wipe out a bunch of web content on one of our webpages today. The webpage is set up so that the individual pages all include a small piece of php code that pulls its content out of an SQL database and spits it out. We set this up for particular pages so that the user can make changes to the content with an HTML editor in a /admin sort of setup. It’s not the fanciest, but it’s simple, efficient and reliable.

Well the customer calls me this morning and tells me that all their content is missing, which I quickly confirm to be fairly accurate. I fire back an e-mail saying that the pages must have been deleted through the admin interface because the missing pages have been removed from the database. I then go off to read logfiles with the intent of finding evidence that this customer blew up their own webpage and that it’s not my problem, because that’s how I think. Here’s what I find in my logs:

66.249.73.92 - - [02/May/2008:13:48:47 -0400] "GET /admin/website_pages_delete.php?id=25 HTTP/1.1" 200 4642 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

66.249.73.92 - - [02/May/2008:13:52:39 -0400] "GET /admin/website_pages_delete.php?id=26 HTTP/1.1" 200 4760 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

66.249.73.92 - - [02/May/2008:14:10:44 -0400] "GET /admin/website_pages_delete.php?id=42 HTTP/1.1" 200 4642 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
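A way to find hits like these across a whole log, as an added example that is not part of the original post: it parses Apache combined-format lines and flags any request that reached a URL under /admin/ (or a URL that looks destructive) with a 2xx response, which is exactly what should not happen when the auth check fires and redirects to the login page. The three Googlebot lines are the ones quoted above, the two extra lines are constructed, and the /admin/ prefix, the "delete/remove/drop" path heuristic and the crawler user-agent pattern are assumptions to adapt to your own site.

```php
<?php
// Added example, not code from the original post. Scans Apache combined-format
// log lines for crawler (or plain GET) requests that reached admin or
// destructive URLs and got a 2xx back. Assumptions: admin scripts live under
// /admin/, destructive scripts have delete/remove/drop in the path, and
// crawlers identify themselves in the User-Agent.
declare(strict_types=1);

// Constructed input: the three lines quoted in the post plus two benign ones
// (a crawler on a public page, and an admin hit that correctly got a 302).
$sampleLog = <<<'LOG'
66.249.73.92 - - [02/May/2008:13:48:47 -0400] "GET /admin/website_pages_delete.php?id=25 HTTP/1.1" 200 4642 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.73.92 - - [02/May/2008:13:52:39 -0400] "GET /admin/website_pages_delete.php?id=26 HTTP/1.1" 200 4760 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.73.92 - - [02/May/2008:14:10:44 -0400] "GET /admin/website_pages_delete.php?id=42 HTTP/1.1" 200 4642 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.73.92 - - [02/May/2008:14:11:02 -0400] "GET /about.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
10.0.0.5 - - [02/May/2008:15:00:00 -0400] "GET /admin/index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1)"
LOG;

// Apache "combined" format:
//   ip ident user [time] "method path proto" status bytes "referer" "user-agent"
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/';

function parseLine(string $line): ?array
{
    if (!preg_match(LOG_RE, $line, $m)) {
        return null; // not a combined-format line; skip it
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3],
            'path' => $m[4], 'status' => (int) $m[5], 'ua' => $m[6]];
}

function isCrawler(string $ua): bool
{
    // Heuristic: Googlebot, Bingbot, Yahoo Slurp and most spiders match this.
    return preg_match('/bot|crawl|spider|slurp/i', $ua) === 1;
}

function looksDestructive(string $path): bool
{
    return preg_match('/delete|remove|drop/i', $path) === 1;
}

function isSensitive(string $path): bool
{
    $p = (string) parse_url($path, PHP_URL_PATH); // strip the ?id=... query
    return strncmp($p, '/admin/', 7) === 0 || looksDestructive($p);
}

/**
 * Returns one finding per request that should never have succeeded: a
 * sensitive URL answered with 2xx to a crawler, or a destructive URL hit via
 * GET by anyone. A 302/401/403 on those URLs means the auth check fired.
 */
function findUnauthenticatedAdminHits(string $log): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $r = parseLine($line);
        if ($r === null || !isSensitive($r['path']) || $r['status'] < 200 || $r['status'] > 299) {
            continue;
        }
        $why = [];
        if (isCrawler($r['ua'])) {
            $why[] = 'crawler reached it';
        }
        if ($r['method'] === 'GET' && looksDestructive((string) parse_url($r['path'], PHP_URL_PATH))) {
            $why[] = 'destructive action via GET';
        }
        if ($why) {
            $findings[] = sprintf('%s %s %s %s -> %d (%s)',
                $r['time'], $r['ip'], $r['method'], $r['path'], $r['status'], implode('; ', $why));
        }
    }
    return $findings;
}

foreach (findUnauthenticatedAdminHits($sampleLog) as $f) {
    echo $f, PHP_EOL;
}
```

Run against the sample, it reports the three website_pages_delete.php requests (both reasons apply to each) and nothing else: the /about.php hit is a crawler on a public page, and the /admin/index.php 302 is the login redirect working as intended. Feed it the real access log with `file_get_contents` and the same function applies unchanged.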

So it would appear that the session based authentication for the pages in /admin wasn’t added to the delete script, and somehow (I’d really love to know) google managed to find out about, and traverse links from, the page with all the delete links on it. When it did, it deleted every single page out of the database. Obviously this never ever should have been possible but hey. The lesson here is don’t be lazy and just put the authentication mechanism on the index page. Fortunately it was only done on this particular site. Whatcha gonna do. I blame Google…
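What the delete script should have looked like, as an added example written for this post rather than the site's actual code (the website_pages table name, the $_SESSION['admin'] key set at login, and the PDO DSN and credentials are all assumptions): it performs the session check itself instead of trusting /admin/index.php to have done it, accepts only POST so a crawler following a link gets a 405 and nothing happens, requires a per-session CSRF token so a logged-in admin's browser cannot be made to submit the deletion from another page, and deletes with a bound parameter. The listing page's delete control is shown too, because the fix only holds if it is a form and not an `<a href>` link.

```php
<?php
// Added example, not the original site's code: a delete endpoint with the
// checks the post's script was missing. Assumptions: login stores
// $_SESSION['admin'], pages live in a table named website_pages, and the PDO
// DSN/credentials are placeholders.
declare(strict_types=1);
session_start();

// --- helpers used by the listing page (website_pages.php) -----------------

// One random token per session; the same value validates every form on the
// page, and hash_equals() below compares it without leaking timing.
function csrfToken(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

// Render each delete control as a POST form, never as
// <a href="website_pages_delete.php?id=25">: crawlers, link prefetchers and
// accelerators follow links, and a GET must not change state.
function deleteForm(int $id): string
{
    return sprintf(
        '<form method="post" action="/admin/website_pages_delete.php">'
        . '<input type="hidden" name="id" value="%d">'
        . '<input type="hidden" name="csrf" value="%s">'
        . '<button type="submit">Delete</button></form>',
        $id,
        htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8')
    );
}

// --- website_pages_delete.php proper --------------------------------------

// 1. Authenticate in THIS script. A check only on /admin/index.php protects
//    nothing, because every script under /admin/ is fetched directly.
if (empty($_SESSION['admin'])) {
    http_response_code(403);
    exit('Forbidden');
}

// 2. Refuse anything but POST. The original script deleted the row on a GET,
//    which is what let a crawler do it.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST');
    http_response_code(405);
    exit('Method Not Allowed');
}

// 3. CSRF token must be present and match the session's, constant-time.
$token = $_POST['csrf'] ?? '';
if (!is_string($token) || empty($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], $token)) {
    http_response_code(403);
    exit('Bad CSRF token');
}

// 4. Validate the id and delete with a bound parameter, not interpolation.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Bad id');
}

$pdo = new PDO('mysql:host=localhost;dbname=site', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$stmt = $pdo->prepare('DELETE FROM website_pages WHERE id = :id');
$stmt->execute([':id' => $id]);

// 5. Redirect with 303 so reloading the result page does not resubmit.
header('Location: /admin/website_pages.php', true, 303);
exit;
```

The order of the checks matters: authentication first, so an unauthenticated client learns nothing about which methods or tokens the endpoint wants, then the method check, then the token, then input validation. In practice the authentication block belongs in a single file that every script under /admin/ includes as its first line, so there is no per-script decision to forget.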

4 Comments

  1. adam

    Hah, that’s like a self inflicted XSS/CSRF attack :) Good job there!
    You had backups right?!

  2. All destructive actions should be behind a POST :)

    Hopefully you had DB backups?

  3. Geoff

    before_filter :is_admin?, :is_google_bot?

    And while we’re at it anything that deletes should be handled via a DELETE request… :)

  4. adam

    You REST goons are funny. REAL web servers don’t support DELETE :P
