Hijack problem with sitemaps?
Submitted by cornwall on Fri, 2005-11-18 05:06
A thread at WMW flags a potential hijack problem with Google sitemaps. Someone more competent than I on the technicalities involved may like to comment.
Quote:
Without giving specifics, there is a major problem with the site map system which allows anyone who can create a file to 'claim' ownership of a site, or a domain within a site. If you own or run any WIKI, any system which allows user uploadable files (with specified file name), or any system which allows users to create pages with names based upon the title ('seo friendly' pages) then I urge you to take steps to ensure that URLs of the form:
GOOGLEb74h6s3m49v87f.html
cannot be created.
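The precaution urged in the quoted post, sketched as an added example that is not part of the original thread: a guard an upload handler or wiki page namer can call before accepting a user-chosen name. The regular expression is an assumption generalised from the single sample name in the quote, and `slug_from_title` is a hypothetical stand-in for an 'seo friendly' page namer.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: generalised from the one sample name in the quoted post
# (GOOGLE + alphanumerics + .html). Deliberately broad and case-insensitive,
# since some filesystems and servers ignore case.
VERIFICATION_NAME = re.compile(r"google[0-9a-z]+\.html?", re.IGNORECASE)
# robots.txt is included because the thread notes the same risk applies to it.
RESERVED_EXACT = {"robots.txt"}


def normalise(requested: str) -> str:
    """Reduce a user-supplied path or file name to its final path segment."""
    name = requested
    for _ in range(3):  # undo nested percent-encoding such as %2547
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    name = name.replace("\\", "/")
    name = posixpath.basename(posixpath.normpath("/" + name))
    return name.strip().rstrip(". ")  # trailing dots/spaces are dropped on Windows


def slug_from_title(title: str) -> str:
    """Hypothetical 'SEO friendly' page namer: keeps letters, digits and dots."""
    return re.sub(r"[^A-Za-z0-9.]+", "-", title).strip("-")


def is_reserved(requested: str) -> bool:
    """True if a user-controlled name collides with a file that proves ownership.

    The check applies in every directory, not only the web root, because the
    quote says a part of a site can be claimed as well as the whole site.
    """
    name = normalise(requested)
    return bool(VERIFICATION_NAME.fullmatch(name)) or name.lower() in RESERVED_EXACT
```

Call `is_reserved` on the final stored name, after any slug generation or renaming the application performs, and reject the request when it returns True.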







Comments
shame on you
hahaha next people will be hacking into servers .. i wonder what data you can get for the firefox website .... DaveN all angelfaced goes back to programming :)
DaveN
Don't hit the panic button
The same goes for robots.txt. An application must enable uploads to the root level to put the site owner at risk of others watching his 404 errors served to Googlebot. Submitting and processing of sitemaps works w/o verification. Even deactivated sitemaps are easy to spot via server logs, and then an email to Google should solve the issue, and reveal the offender.
but whose fault is it
i found a better exploit :)
DaveN
Indeed
Just viewed the AOL stats and others.
yep
Yep someone posted it in the WMW thread.
Dave that was sweet! Part of the blame does lie with the webmaster but Google you are partly to blame here, and please don't trot out that lame excuse you used when web accelerator started pulling files it wasn't supposed to.
Weird glitch
They used to check for a probe file which should not exist. If this double-check were still in place, the verification procedure would be fine.
Update: It's fixed
as usual ...
Google is depending on outsiders to vet the security of their systems. Problems might have been discovered if they weren't distracted by their lava lamps and 20 percent time on private projects. Security glitches have happened on every single initiative emanating from Google.
And the stock cracked the $400/share mark.
Irrational exuberance accompanied by irrational hubris?