I can't really speak for others, but for me, I want the visitor, more often than not a search engine to know that what they are looking for does not exist. I have a number of very old sites which have thousands of hits to them for content that simply doesn't exist anymore and/or has been reformatted completely different. The current default it telling the search engine, they found it, when in fact they didn't so they keep updating their engine result as if there really was content there.
There is a bit of a security aspect too... I'm sure we all have seen attempts to see if some particular package is installed on your site in a string of tests that hit all at once, Those bots typically collect the results and come back later to try to exploit them. With even bad hits showing up with 200 codes, it makes it look like you have all that stuff when you may have none of it. Last thing you need is to have some bot then hitting your site with tons of exploit attempts clogging up your traffic, logs etc.. Up until now, they all were reported as 200 Ok... example this morning... 94.63.246.3 "GET //admin/mysql/scripts/setup.php HTTP/1.1" 200 4484 94.63.246.3 "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 4487 94.63.246.3 "GET //admin/pma/scripts/setup.php HTTP/1.1" 200 4483 94.63.246.3 "GET //admin/scripts/setup.php HTTP/1.1" 200 4473 94.63.246.3 "GET //controls/ps3-dbadmin/scripts/setup.php HTTP/1.1" 200 4491 94.63.246.3 "GET //db/scripts/setup.php HTTP/1.1" 200 4471 94.63.246.3 "GET //dbadmin/scripts/setup.php HTTP/1.1" 200 4475 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 94.63.246.3 "GET //mysql-admin/scripts/setup.php HTTP/1.1" 200 4477 94.63.246.3 "GET //mysql/scripts/setup.php HTTP/1.1" 200 4474 94.63.246.3 "GET //mysqladmin/scripts/setup.php HTTP/1.1" 200 4477 94.63.246.3 "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 200 4479 94.63.246.3 "GET //p/m/a/scripts/setup.php HTTP/1.1" 200 4482 94.63.246.3 "GET //php-my-admin/scripts/setup.php HTTP/1.1" 200 4479 94.63.246.3 "GET //php-myadmin/scripts/setup.php HTTP/1.1" 200 4478 94.63.246.3 "GET //phpm/scripts/setup.php HTTP/1.1" 200 4473 94.63.246.3 "GET //phpmanager/scripts/setup.php HTTP/1.1" 200 4477 94.63.246.3 "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 200 4478 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 94.63.246.3 "GET //phpMyA/scripts/setup.php HTTP/1.1" 200 4479 94.63.246.3 "GET //phpmyad-sys/scripts/setup.php HTTP/1.1" 200 4478 94.63.246.3 "GET //phpmyad/scripts/setup.php HTTP/1.1" 200 4476 94.63.246.3 "GET //phpMyAdmi/scripts/setup.php HTTP/1.1" 200 4481 94.63.246.3 "GET //phpMyAdmin-2.10.0/scripts/setup.php HTTP/1.1" 200 4505 94.63.246.3 "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 200 4485 94.63.246.3 "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 94.63.246.3 "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 200 4480 94.63.246.3 "GET //phpMyAdmin2/scripts/setup.php HTTP/1.1" 200 4482 94.63.246.3 "GET //phpMyAds/scripts/setup.php HTTP/1.1" 200 4481 94.63.246.3 "GET //PMA/scripts/setup.php HTTP/1.1" 200 4475 94.63.246.3 "GET //PMA2005/scripts/setup.php HTTP/1.1" 200 4479 94.63.246.3 "GET //pma2005/scripts/setup.php HTTP/1.1" 200 4476 94.63.246.3 "GET //sqlmanager/scripts/setup.php HTTP/1.1" 200 4475 94.63.246.3 "GET //sqlweb/scripts/setup.php HTTP/1.1" 200 4474 94.63.246.3 "GET //vhcs2/tools/pma/scripts/setup.php HTTP/1.1" 200 4495 94.63.246.3 "GET //vhcs/tools/pma/scripts/setup.php HTTP/1.1" 200 4493 94.63.246.3 "GET //tools/pma/scripts/setup.php HTTP/1.1" 200 4483 94.63.246.3 "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 4492 94.63.246.3 "GET //webadmin/scripts/setup.php HTTP/1.1" 200 4475 94.63.246.3 "GET //webdb/scripts/setup.php HTTP/1.1" 200 4474 94.63.246.3 "GET //websql/scripts/setup.php HTTP/1.1" 200 4476 94.63.246.3 "GET //xampp/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 4494 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 That bot (now blocked) thinks I've got all those goodies to play with when none of them are there or at least not setup in that fashion I have been updating all my sites to use it. On Tue, Jan 25, 2011 at 2:58 PM, The Editor <[email protected]> wrote: > Looks like you are right Kevin. I will fix that along with a couple > other things and put out a new release soon. :) > > Just out of curiosity, should the default behavior be to use these > server headers or not? > > Cheers, > Dan > > > On Tue, Jan 25, 2011 at 12:53 PM, Kevin <[email protected]> wrote: > > Is this the right syntax? > > > > if (BOLTconfig('serverHeaders') == 'true') > > > > Seems that other things that look at BOLTconfig are using something like: > > > > BOLTconfig('BOLTautoLines', 'true'); > > > > Where the item being look for is preceded with BOLT > > > > Changing lines in engine.php seem to make it work.. > > > > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 404 Not > > Found'); > > > > and > > > > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 403 > > Forbidden'); > > > > On Tue, Jan 25, 2011 at 11:34 AM, Kevin <[email protected]> wrote: > >> > >> Dan, did you get a chance to see why this didn't work? > >> > >> I added serverHeaders: true and it made no difference. I tried the > same > >> on a few others with the same results. > >> > >> They return HTTP/1.1 200 OK > >> Regardless of what page I hit, existing or not. > >> > >> I see where the code is in engine.php, but I've not tried to setup some > >> sort of test to see if it is triggering or not. > >> > >> These are all 3.4.14. > >> > >> On Sun, Jan 23, 2011 at 7:38 PM, Kevin <[email protected]> wrote: > >>> > >>> Tried that and it didn't seem to make a change. Still outputs a 200 > >>> code. > >>> > >>> On Sun, Jan 23, 2011 at 7:22 PM, The Editor <[email protected]> wrote: > >>>> > >>>> Try putting serverHeaders: true in site.config and see if that works. > >>>> > >>>> We could make it the default easily enough. I'm open to arguments for > >>>> the pro's con's. > >>>> > >>>> Cheers, > >>>> Dan > >>>> > >>>> > >>>> On Sun, Jan 23, 2011 at 7:56 PM, Kevin <[email protected]> > wrote: > >>>> > I've noticed lots of hits for an older site from search engines for > >>>> > content > >>>> > that simply does not and should not exist. currently that triggers > >>>> > the > >>>> > action.missing page which from the logs shows it is return code of > >>>> > 200. > >>>> > > >>>> > Is there a way to get action.missing to issue a 404 code? > >>>> > > >>>> > Example log entry: > >>>> > > >>>> > ycar8.mobile.re3.yahoo.com - - [23/Jan/2011:19:23:42 -0500] "GET > >>>> > /greyhound.htm HTTP/1.1" 200 14435 "-" "YahooCacheSystem" > >>>> > > >>>> > I saw a posting titled "Reporting 404 messages to error logs" which > >>>> > someone > >>>> > was modifying the library.php but your reply indicated you had > already > >>>> > added > >>>> > hooks to do this. > >>>> > > >>>> > Perhaps this should be a default ?? > >>>> > > >>>> > -- > >>>> > You received this message because you are subscribed to the Google > >>>> > Groups > >>>> > "BoltWire" group. > >>>> > To post to this group, send email to [email protected]. > >>>> > To unsubscribe from this group, send email to > >>>> > [email protected]<boltwire%[email protected]> > . > >>>> > For more options, visit this group at > >>>> > http://groups.google.com/group/boltwire?hl=en. > >>>> > > >>>> > >>>> -- > >>>> You received this message because you are subscribed to the Google > >>>> Groups "BoltWire" group. > >>>> To post to this group, send email to [email protected]. > >>>> To unsubscribe from this group, send email to > >>>> [email protected]<boltwire%[email protected]> > . > >>>> For more options, visit this group at > >>>> http://groups.google.com/group/boltwire?hl=en. > >>>> > >>> > >> > > > > -- > > You received this message because you are subscribed to the Google Groups > > "BoltWire" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<boltwire%[email protected]> > . > > For more options, visit this group at > > http://groups.google.com/group/boltwire?hl=en. > > > > -- > You received this message because you are subscribed to the Google Groups > "BoltWire" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<boltwire%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/boltwire?hl=en. > > -- You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/boltwire?hl=en.
