HR Geeks


Hampton Roads Geek community

Googlebot deleted my website

Filed under: humor - security - website

So due to some really bad coding on our part, Googlebot managed to wipe out a bunch of web content on one of our webpages today. The webpage is set up so that the individual pages all include a small piece of PHP code that pulls its content out of an SQL database and spits it out. We set this up for particular pages so that the user can make changes to the content with an HTML editor in a /admin sort of setup. It’s not the fanciest, but it’s simple, efficient and reliable.

Well, the customer calls me this morning and tells me that all their content is missing, which I quickly confirm to be fairly accurate. I fire back an e-mail saying that the pages must have been deleted through the admin interface because the missing pages have been removed from the database. I then go off to read logfiles with the intent of finding evidence that this customer blew up their own webpage and that it’s not my problem, because that’s how I think. Here’s what I find in my logs:

66.249.73.92 - - [02/May/2008:13:48:47 -0400] "GET /admin/website_pages_delete.php?id=25 HTTP/1.1" 200 4642 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

66.249.73.92 - - [02/May/2008:13:52:39 -0400] "GET /admin/website_pages_delete.php?id=26 HTTP/1.1" 200 4760 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

66.249.73.92 - - [02/May/2008:14:10:44 -0400] "GET /admin/website_pages_delete.php?id=42 HTTP/1.1" 200 4642 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

So it would appear that the session-based authentication for the pages in /admin wasn’t added to the delete script, and somehow (I’d really love to know) Google managed to find out about, and traverse links from, the page with all the delete links on it. When it did, it deleted every single page out of the database. Obviously this never ever should have been possible but hey. The lesson here is don’t be lazy and just put the authentication mechanism on the index page. Fortunately it was only done on this particular site. Whatcha gonna do. I blame Google…

Comments: 4
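A log audit for the failure described in the post above, as an added example (not code from the original post): it flags admin requests that succeeded for a crawler, or where a delete-style script answered a GET. The user-agent and script-name heuristics are assumptions, and every sample line except the first is constructed for illustration.

```python
import re

# Apache/NCSA "combined" log format, the layout of the lines quoted in the post.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
ADMIN_PREFIX = "/admin/"                                   # admin area named in the post
CRAWLER_RE = re.compile(r"bot|crawl|spider", re.I)         # assumed user-agent heuristic
DESTRUCTIVE_RE = re.compile(r"delete|remove|purge", re.I)  # assumed script-name heuristic

def audit(lines):
    """Return (target, reasons) for admin requests that should never have succeeded."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["target"].startswith(ADMIN_PREFIX):
            continue
        if not m["status"].startswith("2"):
            continue  # a 302 to the login page or a 403 means a guard fired
        path = m["target"].split("?", 1)[0]
        reasons = []
        if CRAWLER_RE.search(m["ua"]):
            reasons.append("crawler received 2xx in admin area")
        if m["method"] in ("GET", "HEAD") and DESTRUCTIVE_RE.search(path):
            reasons.append("state-changing script answered a safe method")
        if reasons:
            findings.append((m["target"], reasons))
    return findings

GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE = [
    # First line is from the post (quotes normalised); the rest are constructed.
    f'66.249.73.92 - - [02/May/2008:13:48:47 -0400] "GET /admin/website_pages_delete.php?id=25 HTTP/1.1" 200 4642 "-" "{GOOGLEBOT}"',
    f'66.249.73.92 - - [02/May/2008:13:49:10 -0400] "GET /admin/index.php HTTP/1.1" 302 0 "-" "{GOOGLEBOT}"',
    '192.0.2.10 - - [02/May/2008:09:15:02 -0400] "POST /admin/website_pages_delete.php HTTP/1.1" 200 4642 "-" "Mozilla/5.0 (X11; Linux) Firefox/2.0"',
    '192.0.2.10 - - [02/May/2008:09:16:40 -0400] "GET /about.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux) Firefox/2.0"',
]

if __name__ == "__main__":
    for target, reasons in audit(SAMPLE):
        print(target, "->", "; ".join(reasons))
```

A hit on either rule means a script under /admin ran without the session check, or performs its change on a plain link fetch, which is exactly what any link-following client will trigger.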

Who has the better satellite view?

Filed under: cool ideas - links - website

I recently was linked to Flash Earth. This site allows you to switch between satellite map views with a click of the mouse. Compare Google, Yahoo!, Microsoft VE (Virtual Earth), Ask.com, OpenLayers, and NASA Terra.


Images are presented via an all Flash interface and the speed you can switch between services and at which the overlays are changed is quite amazing.

I thought Google had really good images of Norfolk till I switched over to Microsoft VE. Here is an example of the Norfolk Southern coal yard and train depot. (Left: Microsoft VE, Right: Google)

Flash Earth Screen Shot Microsoft VE Flash Earth Screen Shot Google

Thanks Erin.

Comments: 1
