June 22, 2003
How Alexa Hacked My Links

Sorry for another non-Flash related post, but this one is too nice not to be told: as you might notice, lots of the links in my left sidebar are suddenly missing. [UPDATE - I have repaired them now, so you can see them again] I was pretty surprised, too, when I saw this and immediately thought of some kind of database problem. But a check revealed that there was no bug whatsoever: the links were simply deleted. Only a tiny remnant of them survived.

So it looked like some annoying wannabe-hacker had somehow found out the "secret" URL of my link administration script. Okay, I have to admit that my security measures in this case were close to none - it was simply a php script called "editlinks.php" (its exact location of course nobody knew but me) and there was no password protection. Pretty stupid, huh?

Next step was to check my logfiles. And indeed there it was: for four hours straight this kid had rummaged through my links and deleted one of them after another. Four hours! Didn't that guy get bored after a while? He alternated between a "delete" and a "refresh", and, what was most mysterious, loaded robots.txt before each action. What kind of weirdo is this? Further checking revealed even more strangeness: the very first log entry was a "delete". That is unusual insofar as you have to open the overview page first to select what you want to delete. But there was no such entry. The guy knew what he wanted - come to my page and immediately start deleting. His first random URL guess hit the spot. No way, that's impossible!

Finally the IP addresses gave me a clue: 209.237.238.172/173/174/175 all led to Alexa. They are the addresses of the Alexa bot which crawls the internet. But here comes the catch - how does Alexa know an address which is not linked from anywhere? I told her myself! Unknowingly I revealed the address by using one of my browsers which has the Alexa Toolbar installed. The toolbar logs every page you visit in order to build its index of the top 100000 websites.
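The log pattern described above, turned into a small detection filter. This is an added Python example, not anything from the original post or its logfiles: the log lines are constructed in Apache style, and the /secret/editlinks.php path and the crawler user agent are placeholders. It flags state-changing GETs to the admin script from clients that fetched robots.txt and never opened the overview page first, which is exactly the trace the post found.

```python
import re

# Constructed Apache-style log lines (not from the post's real logfiles); the
# /secret/editlinks.php path and the crawler user agent are placeholders.
SAMPLE_LOG = """\
209.237.238.172 - - [22/Jun/2003:14:02:11 +0200] "GET /robots.txt HTTP/1.0" 404 209 "-" "SomeCrawler/1.0"
209.237.238.172 - - [22/Jun/2003:14:02:12 +0200] "GET /secret/editlinks.php?action=delete&id=17 HTTP/1.0" 200 512 "-" "SomeCrawler/1.0"
209.237.238.173 - - [22/Jun/2003:14:02:40 +0200] "GET /robots.txt HTTP/1.0" 404 209 "-" "SomeCrawler/1.0"
209.237.238.173 - - [22/Jun/2003:14:02:41 +0200] "GET /secret/editlinks.php?action=refresh&id=18 HTTP/1.0" 200 512 "-" "SomeCrawler/1.0"
10.0.0.5 - - [22/Jun/2003:15:10:00 +0200] "GET /secret/editlinks.php HTTP/1.0" 200 4096 "-" "Mozilla/4.0"
10.0.0.5 - - [22/Jun/2003:15:10:09 +0200] "GET /secret/editlinks.php?action=delete&id=3 HTTP/1.0" 200 512 "-" "Mozilla/4.0"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
ADMIN_PATH = "/secret/editlinks.php"   # where the unprotected admin script lives
MUTATING = {"delete", "refresh"}       # GET actions that change server state

def parse(line):
    """Split one log line into its fields; returns None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status, ua = m.groups()
    path, _, query = target.partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    return {"ip": ip, "ts": ts, "method": method, "path": path,
            "params": params, "status": status, "ua": ua}

def find_crawler_mutations(log_text):
    """Flag state-changing GETs to the admin script from clients that behave like
    crawlers: they fetched /robots.txt and never loaded the overview page first."""
    fetched_robots, saw_overview, findings = set(), set(), []
    for line in log_text.splitlines():
        req = parse(line)
        if req is None:
            continue
        if req["path"] == "/robots.txt":
            fetched_robots.add(req["ip"])
        if req["path"] == ADMIN_PATH and not req["params"]:
            saw_overview.add(req["ip"])       # a human opens the overview first
        action = req["params"].get("action")
        if (req["path"] == ADMIN_PATH and req["method"] == "GET"
                and action in MUTATING and req["ip"] in fetched_robots
                and req["ip"] not in saw_overview):
            findings.append((req["ip"], action, req["params"].get("id"), req["ts"]))
    return findings

if __name__ == "__main__":
    for ip, action, link_id, ts in find_crawler_mutations(SAMPLE_LOG):
        print(f"{ts} {ip} crawler-like client issued '{action}' on link {link_id}")
```

The human session from 10.0.0.5 is not flagged because it opened the overview page and never asked for robots.txt.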

So what happened was this: I used my admin page and revealed the "secret" URL to Alexa. The Alexa bot comes for a visit and crawls my - not password protected - page. On this page it discovers a lot of new links: I'm lazy, so for each link entry there is an "edit", "refresh" and a "DELETE" link. So there is a lot to do for the bot: crawl "edit", crawl "refresh" and finally - crawl "delete". There goes my link collection right into nirvana. Fortunately I have a backup somewhere. Guess I will be able to restore them tomorrow.

Lesson learned: NEVER have an admin page without password protection, no matter how unimportant the content is. NEVER surf admin pages with an Alexa Toolbar "enhanced" browser (except if they are on an https:// URL). ALWAYS make a backup. Jesus saves.
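The two halves of that lesson in code, as an added Python model of the editlinks.php request handling (not the post's own PHP script): the unauthenticated, GET-driven handler that any link-following crawler can trigger, next to a version that requires a login, accepts state changes only over POST with a per-session CSRF token, and renders the delete control as a form button instead of a hyperlink. The link table, session shape, ids and paths are assumptions made for the example.

```python
import hmac
import secrets

def fresh_links():
    """Constructed stand-in for the post's link database."""
    return {17: "http://example.invalid/a", 18: "http://example.invalid/b"}

def handle_insecure(links, method, params):
    """The pattern the post describes: no login check, and plain <a href>
    links like editlinks.php?action=delete&id=17 that change state on GET,
    so anything that follows links (a crawler included) deletes entries."""
    if params.get("action") == "delete":
        links.pop(int(params["id"]), None)
        return 200, "deleted"
    return 200, "overview"

def new_session(user):
    """Login result: the user plus a per-session CSRF token."""
    return {"user": user, "csrf": secrets.token_hex(16)}

def handle_secure(links, method, params, session, form=None):
    """Hardened version: a logged-in session is required, state changes only
    happen on POST, and the POST must carry the session's CSRF token."""
    form = form or {}
    if not session.get("user"):
        return 401, "login required"      # a crawler never gets past this
    action = params.get("action") or form.get("action")
    if action not in ("delete", "refresh"):
        return 200, "overview"            # read-only page, safe to GET
    if method != "POST":
        return 405, "use POST"            # followed links cannot mutate anything
    if not hmac.compare_digest(form.get("csrf", ""), session["csrf"]):
        return 403, "bad token"
    if action == "delete":
        links.pop(int(form["id"]), None)
        return 200, "deleted"
    return 200, "refreshed"

def render_delete_control(session, link_id):
    """Emit a POST form with a button instead of a bare delete hyperlink."""
    return (f'<form method="post" action="editlinks.php">'
            f'<input type="hidden" name="action" value="delete">'
            f'<input type="hidden" name="id" value="{link_id}">'
            f'<input type="hidden" name="csrf" value="{session["csrf"]}">'
            '<button>delete</button></form>')
```

Crawlers only issue GETs and never hold a login session, so with the hardened handler the most they can reach is the 401 response.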

Posted at June 22, 2003 11:20 PM
Comments

Was really fun to read! Thanks for sharing.

Posted by: Burak KALAYCI on June 23, 2003 04:26 AM

lol. That's a classic story. I too have had "unhackable" links for my sites set up.

Scott

Posted by: Scott Manning on June 23, 2003 04:54 AM

I almost sent you an email, Mario. I thought you were in the middle of some upgrade or enhancement to your site.

LOL. I can almost imagine all your trouble man.... Thanks for sharing your story.

Posted by: Oscar Trelles on June 23, 2003 08:25 AM

How strange! Thanks for sharing
Regards,
Arul

Posted by: Arul on June 24, 2003 02:39 AM

1984 - George Orwell?

Kinda funny how you opened the door for the spider. mmmmmm... webfood... =D

Posted by: kevin on June 24, 2003 08:53 AM

What a funny and interesting story... ;-)

Cheers, Roland

Posted by: Roland Schaer on June 24, 2003 09:33 AM

If you had an entry in your robots.txt file that told crawlers not to follow/index links in that path, you would have been fine. That's what robots.txt is for and is why you saw a request for it from Alexa. Google for it. Nearly all crawlers (or "robots") respect this file's instructions.

Posted by: Oisin Grehan on June 26, 2003 11:40 AM

The problem with robots.txt in this case is that it would also tell other "crawlers", a.k.a. human hackers, where to find those "secret" unprotected pages.

Posted by: coma2mario on June 26, 2003 11:51 AM

That is the most insane bug I've ever heard of. Hilarious.

Posted by: Smug Canadian on July 3, 2003 06:00 AM

© Copyright Mario Klingemann