June 22, 2003
How Alexa Hacked My Links

Sorry for another non-Flash related post, but this one is too nice not to be told: as you might notice lots of the links in my left sidebar are suddenly missing. [UPDATE - I have repaired them now, so you can see them again] I was pretty surprised, too when I saw this and immediately thought of some kind of database problem. But a check revealed that there was no bug whatsovever, the links were simply deleted. Only a tiny little rest of them survived.

So it looked like some annoying wannabe-hacker had somehow found out the "secret" URL of my link adminstration script. Okay I have to admit that my security measures in this case where close to none - it was simply a php script called "editlinks.php" (its exact location of course noboy knew but me) and there was no password protection. Pretty stupid, huh?.

Next step was to check my logfiles. And indeed there it was: for four hours straight this kid had rummaged through my links and deleted one of them after another. Four hours! Didn't that guy get bored after a while? Alternating doing a "delete" and a "refresh" and what was most mysterious: loading robots.txt before each action. What kind of weirdo is this? Further checking revealed even more strangeness: the very first log entry was a "delete". That is in so far unusual, because you have to open the overview page first to select what you want to delete. But there was no such entry. They guy knew what he wanted - come to my page, and immediately start deleting. His first random URL guess hit the spot. No way, that's impossible!

Finally the IP adresses gave me a clue: 209.237.238.172/173/174/175 lead all to Alexa. It's the adresses of the Alexa bot which crawls the internet. But here comes the catch - how does Alexa know an adress which is not linked from anywhere? I told her myself! Unknowingly I revealed the adress by using one of my browsers which has the Alexa Toolbar installed. The toolbar logs every page you visit in order to build its index of top 100000 websites.

So what happened was this: I used my admin page and revealed the "secret" URL to Alexa. The Alexa bot comes for a visit and crawls my - not password protected - page. On this page it discovers a lot of new links: I'm lazy so for each link entry there is a "edit", "refresh" and a "DELETE" link. So there is a lot to do for the bot: crawl "edit", crawl "refresh" and finally - crawl "delete". There goes my link collection right into nirvana. Fortunately I have a backup somewhere. Guess I will able to restore them tomorrow.

Lesson learned: - NEVER have an admin page without password protection, no matter how unimportant the content is. NEVER surf admin pages with an Alexa Toolbar "enhanced" browser (except if they are on a https:// URL). ALWAYS make a backup. Jesus saves.

Posted at June 22, 2003 11:20 PM | Further reading
Comments

Was really fun to read! Thanks for sharing.

Posted by: Burak KALAYCI on June 23, 2003 04:26 AM

lol. That's a classic story. I too have had "unhackable" links for my sites set up.

Scott

Posted by: Scott Manning on June 23, 2003 04:54 AM

I almost sent you and email, Mario. I thought you were in the middle of some upgrade or enhancement to your site.

LOL. I can almost imagine all your trouble man.... Thanks for sharing your story.

Posted by: Oscar Trelles on June 23, 2003 08:25 AM

How strange! Thanks for sharing
Regards,
Arul

Posted by: Arul on June 24, 2003 02:39 AM

1984 -George Orwell?

Kinda funny how you opened the door for the spider. mmmmmm... webfood... =D

Posted by: kevin on June 24, 2003 08:53 AM

What a funny and interesting story... ;-)

Cheers, Roland

Posted by: Roland Schaer on June 24, 2003 09:33 AM

If you had an entry in your robots.txt file that told crawlers not to follow/index links in that path, you would have been fine. That's what robots.txt is for and is why you saw a request for it from Alexa. Google for it. Nearly all crawlers (or "robots") respect this file's instructions.

Posted by: Oisin Grehan on June 26, 2003 11:40 AM

The problem with robots.txt in this case is that it would also tell other "crawlers" aka. human hackers where to find those "secret" unprotected pages.

Posted by: coma2mario on June 26, 2003 11:51 AM

That is the most insane bug I've ever heard of. Hilarious.

Posted by: Smug Canadian on July 3, 2003 06:00 AM
Post a comment
Name:


Email Address:


URL:


Comments:


Remember info?



Site Search

Google
quasimondo.com
incubator.quasimondo.com
lectures.quasimondo.com
My Twitter Updates
Best Of Quasimondo
The Stake
Picturedisko
Islands Of Consciousness
Flickeur
Clockr
Tagnautica
Kaleidoscope
Realtime Video Color Keying
Flash 8 ColorMatrix Class
Flash 8 BitmapExporter
Marching Ants Path
Marching Ants Rectangle
Full Justified Text Component
swfImageProxy
xml2swf
Amazon Explorer [FF Trailer]
AS Shape Decoder
Voronoi Diagram
Worldmap Locator
Page Turn Interface
Google Search Widget
WACK
LOCOMA
The Candle
The Candle II
The Flash Connection
The Flash Connection II
The J.H. Lynch Mystery
The Crying Boy
Categories
Home

Concentration
Hydration
Incubation
Information
Inspiration
Manipulation
Observation
Occupation
Publication
Relevation
Transformation
Vibration
Visualization
Upcoming Events
Highly Recommended
Ralph Hauwert
Grant Skinner
André Michelle
Joa Ebert
Jer Thorp
Eugene Zatepyakin
Nicolas Barradeau
Links of Interest
Thank you!
Most Visited Entries
Optimizing Flash Based Face Detection
Page Flip: The Final Word
Flash BitmapExporter: Compress and Save Images
Flash 8: ColorMatrix
Automated Threshold & Edge Detection
Saving JPEGs or PNGs with Flash 8 Revisited
Shared Library Secrets
Flash 8: Realtime Video Color Keying
How to Enable MP3 Ringtones on a Sony Ericsson v800
Page Turn Lecture Files
Sketches, Works & Source Code
The Incubator
Quasimondo Libs
Flickr Gallery
Popular on Aviary

Lectures
Upcoming Conferences:

FITC Amsterdam 2009
Flexcamp Amsterdam 2009
FITC Toronto 2009
FFK 2009, Cologne
flashconference/fmx 2009, Stuttgart
FlashBrighton UG Meeting, Brighton
Flash on Tap 2009, Boston
Flashbelt 2009, Minneapolis
Flash At The Lake 2009, Zürich
Flash On The Beach 2009, Brighton
FITC Edmonton 2009
FITC Tokyo 2009
FITC Amsterdam 2010
Flashcamp Tokyo 2010
Flashcamp Seoul 2010
FFK 10, Cologne
FITC Toronto 2010
Flashbelt Minneapolis 2010
FITC San Francisco 2010
Flash on the Beach 2010
Decoded 2010, Munich

My Past Lectures
Contact
Contact me
Backlog
May 2010
January 2010
December 2009
October 2009
September 2009
July 2009
May 2009
March 2009
February 2009
December 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
February 2008
November 2007
October 2007
September 2007
August 2007
June 2007
May 2007
April 2007
March 2007
February 2007
December 2006
November 2006
September 2006
August 2006
July 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
In Love with
Jasmine T.
Powered by
Movable Type 2.661

© Copyright Mario Klingemann

Syndicate this site:
RSS 1.0 - RSS 2.0

Quasimondo @ flickr
Quasimondo @ LinkedIn
Quasimondo @ Twitter
Quasimondo @ Facebook
Quasimondo @ MySpace
Quasimondo is a Bright
Citizen of the TRansnational Republic
My other blog in german
Impressum


My family name is written Klingemann,
not Klingelmann, Klingeman, Klingaman, Kingemann,
Kindermann, Killingaman, Klingman, Klingmann, Klingonman
Klingemman, Cleangerman, Klingerman or Kleangerman