开发者

Is this the new way of spam? How can i protect my website?

Recently with the Google webmaster tools, i discovered the following (not found) Crawl errors

http://mydomain.com/warning_this_is_english_domain_to_solve_this_problem_submit_site_in_atoall.com.html

After Googling i found that this one might be a new way of spam.

But wait a second, from programmer's prespecive, what is going on with my website? Is there something am i doing wrong? Is there any security hole i currently do not see?

UPDATE: References

http://blog.colnect.com/2009/12/ne开发者_高级运维w-spam-technique-warningthisisenglish.html

http://blog.colnect.com/2009/12/save-us-from-index-spamming.html


The problem is that these people wrote a custom 404 handler that looks nice to humans, but it also allows hackers to trick bots. This is a vulnerability that is being actively exploited to spread spam.

If you search for the text, a ton of these spammer links pop up: http://www.google.com/search?q=warning+this+is+english+domain+to+save+this+problem&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

The 2nd link for me is this: http://www.acronymfinder.com/warning_this_is_english_domain_to_solve_this_problem_submit_site_in_atoall.com.html

If you go to the page you'll see the text: "No matches for warning-this-is-english-domain-to-solve-this-problem-submit-site-in-atoall.com"

To protect your self try the same hack on your system. Try putting: http://www.whatever.com/some-bs-text.html

If you can see some-bs-text in your web browser, then someone oculd trick Google into seeing arbitrary text on your page. Its better to just tell people that the page cannot be found.


I think this just means that someone (or more likely something) requested that file from your server. Your server replied with a 404 error, (or possibly a 200) but the error showed up in your log. This does not indicate any security vulnerability and there is no need for you to take an action.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜