Sorry for another non-Flash related post, but this one is too nice not to be told: as you might notice lots of the links in my left sidebar are suddenly missing. [UPDATE - I have repaired them now, so you can see them again] I was pretty surprised, too when I saw this and immediately thought of some kind of database problem. But a check revealed that there was no bug whatsovever, the links were simply deleted. Only a tiny little rest of them survived.
So it looked like some annoying wannabe-hacker had somehow found out the "secret" URL of my link adminstration script. Okay I have to admit that my security measures in this case where close to none - it was simply a php script called "editlinks.php" (its exact location of course noboy knew but me) and there was no password protection. Pretty stupid, huh?.
Next step was to check my logfiles. And indeed there it was: for four hours straight this kid had rummaged through my links and deleted one of them after another. Four hours! Didn't that guy get bored after a while? Alternating doing a "delete" and a "refresh" and what was most mysterious: loading robots.txt before each action. What kind of weirdo is this? Further checking revealed even more strangeness: the very first log entry was a "delete". That is in so far unusual, because you have to open the overview page first to select what you want to delete. But there was no such entry. They guy knew what he wanted - come to my page, and immediately start deleting. His first random URL guess hit the spot. No way, that's impossible!
Finally the IP adresses gave me a clue: 18.104.22.168/173/174/175 lead all to Alexa. It's the adresses of the Alexa bot which crawls the internet. But here comes the catch - how does Alexa know an adress which is not linked from anywhere? I told her myself! Unknowingly I revealed the adress by using one of my browsers which has the Alexa Toolbar installed. The toolbar logs every page you visit in order to build its index of top 100000 websites.
So what happened was this: I used my admin page and revealed the "secret" URL to Alexa. The Alexa bot comes for a visit and crawls my - not password protected - page. On this page it discovers a lot of new links: I'm lazy so for each link entry there is a "edit", "refresh" and a "DELETE" link. So there is a lot to do for the bot: crawl "edit", crawl "refresh" and finally - crawl "delete". There goes my link collection right into nirvana. Fortunately I have a backup somewhere. Guess I will able to restore them tomorrow.
Lesson learned: - NEVER have an admin page without password protection, no matter how unimportant the content is. NEVER surf admin pages with an Alexa Toolbar "enhanced" browser (except if they are on a https:// URL). ALWAYS make a backup. Jesus saves.Posted at June 22, 2003 11:20 PM | Further reading