[MLB-WIRELESS] url down?
Tyson Clugg
tyson at wireless.org.au
Tue Aug 20 11:52:21 EST 2002
> > It emailed out my password too at Sat 17/08/2002 2:29 PM
>
> me too. Is someone attempting to harvest the passwords somewhere? Or is it
a
> dumb webcrawler walking over the link?
For those that paid no attention to the explaination I gave previously...
____________________________________________________________________________
Someone was using wget to pull down a copy of the site. Since wget by
default will follow any link (regardless of exclusion statements in
robots.txt), it triggered the password retrieval script for every node. As
Drew said, we now have some rules in to help prevent this from happening.
In the meantime, I'm working on a better solution to the bot issue which
will be able to block hostile bots (the ones that don't follow the
robots.txt exclusion standard). This should stop spam bots and people being
stupid with wget, while allowing nice bots like the google bot to operate
unhindered.
With respect to passwords sent via cleartext over e-mail - let's not start a
new holy war. If you can suggest a method by which anyone with a plain text
e-mail client and a basic web browser can have their passwords set if they
forget, then please, make that suggestion directly to me and we will see if
it can be implemented on the site.
Cheers,
Tyson.
___________________________
Tyson at wireless.org.au
Treasurer at wireless.org.au
B/H: +61 3 9545 8117
A/H: +61 3 9887 0117
Mob: +61 4 0889 7662
___________________________
To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message
More information about the Melbwireless
mailing list