This makes sense. I'll fix the bug and change the default. Cheers, Dan
On Tue, Jan 25, 2011 at 4:09 PM, Kevin <[email protected]> wrote: > I can't really speak for others, but for me, I want the visitor, more often > than not a search engine to know that what they are looking for does not > exist. I have a number of very old sites which have thousands of hits to > them for content that simply doesn't exist anymore and/or has been > reformatted completely different. The current default it telling the search > engine, they found it, when in fact they didn't so they keep updating their > engine result as if there really was content there. > > There is a bit of a security aspect too... I'm sure we all have seen > attempts to see if some particular package is installed on your site in a > string of tests that hit all at once, Those bots typically collect the > results and come back later to try to exploit them. With even bad hits > showing up with 200 codes, it makes it look like you have all that stuff > when you may have none of it. > > Last thing you need is to have some bot then hitting your site with tons of > exploit attempts clogging up your traffic, logs etc.. > > Up until now, they all were reported as 200 Ok... example this morning... > > 94.63.246.3 "GET //admin/mysql/scripts/setup.php HTTP/1.1" 200 4484 > 94.63.246.3 "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 4487 > 94.63.246.3 "GET //admin/pma/scripts/setup.php HTTP/1.1" 200 4483 > 94.63.246.3 "GET //admin/scripts/setup.php HTTP/1.1" 200 4473 > 94.63.246.3 "GET //controls/ps3-dbadmin/scripts/setup.php HTTP/1.1" 200 4491 > 94.63.246.3 "GET //db/scripts/setup.php HTTP/1.1" 200 4471 > 94.63.246.3 "GET //dbadmin/scripts/setup.php HTTP/1.1" 200 4475 > 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 > 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 > 94.63.246.3 "GET //mysql-admin/scripts/setup.php HTTP/1.1" 200 4477 > 94.63.246.3 "GET //mysql/scripts/setup.php HTTP/1.1" 200 4474 > 94.63.246.3 "GET //mysqladmin/scripts/setup.php HTTP/1.1" 200 4477 > 94.63.246.3 "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 200 4479 > 94.63.246.3 "GET //p/m/a/scripts/setup.php HTTP/1.1" 200 4482 > 94.63.246.3 "GET //php-my-admin/scripts/setup.php HTTP/1.1" 200 4479 > 94.63.246.3 "GET //php-myadmin/scripts/setup.php HTTP/1.1" 200 4478 > 94.63.246.3 "GET //phpm/scripts/setup.php HTTP/1.1" 200 4473 > 94.63.246.3 "GET //phpmanager/scripts/setup.php HTTP/1.1" 200 4477 > 94.63.246.3 "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 200 4478 > 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 > 94.63.246.3 "GET //phpMyA/scripts/setup.php HTTP/1.1" 200 4479 > 94.63.246.3 "GET //phpmyad-sys/scripts/setup.php HTTP/1.1" 200 4478 > 94.63.246.3 "GET //phpmyad/scripts/setup.php HTTP/1.1" 200 4476 > 94.63.246.3 "GET //phpMyAdmi/scripts/setup.php HTTP/1.1" 200 4481 > 94.63.246.3 "GET //phpMyAdmin-2.10.0/scripts/setup.php HTTP/1.1" 200 4505 > 94.63.246.3 "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 200 4485 > 94.63.246.3 "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 > 94.63.246.3 "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 200 4480 > 94.63.246.3 "GET //phpMyAdmin2/scripts/setup.php HTTP/1.1" 200 4482 > 94.63.246.3 "GET //phpMyAds/scripts/setup.php HTTP/1.1" 200 4481 > 94.63.246.3 "GET //PMA/scripts/setup.php HTTP/1.1" 200 4475 > 94.63.246.3 "GET //PMA2005/scripts/setup.php HTTP/1.1" 200 4479 > 94.63.246.3 "GET //pma2005/scripts/setup.php HTTP/1.1" 200 4476 > 94.63.246.3 "GET //sqlmanager/scripts/setup.php HTTP/1.1" 200 4475 > 94.63.246.3 "GET //sqlweb/scripts/setup.php HTTP/1.1" 200 4474 > 94.63.246.3 "GET //vhcs2/tools/pma/scripts/setup.php HTTP/1.1" 200 4495 > 94.63.246.3 "GET //vhcs/tools/pma/scripts/setup.php HTTP/1.1" 200 4493 > 94.63.246.3 "GET //tools/pma/scripts/setup.php HTTP/1.1" 200 4483 > 94.63.246.3 "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 4492 > 94.63.246.3 "GET //webadmin/scripts/setup.php HTTP/1.1" 200 4475 > 94.63.246.3 "GET //webdb/scripts/setup.php HTTP/1.1" 200 4474 > 94.63.246.3 "GET //websql/scripts/setup.php HTTP/1.1" 200 4476 > 94.63.246.3 "GET //xampp/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 4494 > 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 > > That bot (now blocked) thinks I've got all those goodies to play with when > none of them are there or at least not setup in that fashion > > I have been updating all my sites to use it. > > On Tue, Jan 25, 2011 at 2:58 PM, The Editor <[email protected]> wrote: >> >> Looks like you are right Kevin. I will fix that along with a couple >> other things and put out a new release soon. :) >> >> Just out of curiosity, should the default behavior be to use these >> server headers or not? >> >> Cheers, >> Dan >> >> >> On Tue, Jan 25, 2011 at 12:53 PM, Kevin <[email protected]> wrote: >> > Is this the right syntax? >> > >> > if (BOLTconfig('serverHeaders') == 'true') >> > >> > Seems that other things that look at BOLTconfig are using something >> > like: >> > >> > BOLTconfig('BOLTautoLines', 'true'); >> > >> > Where the item being look for is preceded with BOLT >> > >> > Changing lines in engine.php seem to make it work.. >> > >> > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 404 Not >> > Found'); >> > >> > and >> > >> > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 403 >> > Forbidden'); >> > >> > On Tue, Jan 25, 2011 at 11:34 AM, Kevin <[email protected]> wrote: >> >> >> >> Dan, did you get a chance to see why this didn't work? >> >> >> >> I added serverHeaders: true and it made no difference. I tried the >> >> same >> >> on a few others with the same results. >> >> >> >> They return HTTP/1.1 200 OK >> >> Regardless of what page I hit, existing or not. >> >> >> >> I see where the code is in engine.php, but I've not tried to setup some >> >> sort of test to see if it is triggering or not. >> >> >> >> These are all 3.4.14. >> >> >> >> On Sun, Jan 23, 2011 at 7:38 PM, Kevin <[email protected]> wrote: >> >>> >> >>> Tried that and it didn't seem to make a change. Still outputs a 200 >> >>> code. >> >>> >> >>> On Sun, Jan 23, 2011 at 7:22 PM, The Editor <[email protected]> wrote: >> >>>> >> >>>> Try putting serverHeaders: true in site.config and see if that works. >> >>>> >> >>>> We could make it the default easily enough. I'm open to arguments for >> >>>> the pro's con's. >> >>>> >> >>>> Cheers, >> >>>> Dan >> >>>> >> >>>> >> >>>> On Sun, Jan 23, 2011 at 7:56 PM, Kevin <[email protected]> >> >>>> wrote: >> >>>> > I've noticed lots of hits for an older site from search engines for >> >>>> > content >> >>>> > that simply does not and should not exist. currently that triggers >> >>>> > the >> >>>> > action.missing page which from the logs shows it is return code of >> >>>> > 200. >> >>>> > >> >>>> > Is there a way to get action.missing to issue a 404 code? >> >>>> > >> >>>> > Example log entry: >> >>>> > >> >>>> > ycar8.mobile.re3.yahoo.com - - [23/Jan/2011:19:23:42 -0500] "GET >> >>>> > /greyhound.htm HTTP/1.1" 200 14435 "-" "YahooCacheSystem" >> >>>> > >> >>>> > I saw a posting titled "Reporting 404 messages to error logs" which >> >>>> > someone >> >>>> > was modifying the library.php but your reply indicated you had >> >>>> > already >> >>>> > added >> >>>> > hooks to do this. >> >>>> > >> >>>> > Perhaps this should be a default ?? >> >>>> > >> >>>> > -- >> >>>> > You received this message because you are subscribed to the Google >> >>>> > Groups >> >>>> > "BoltWire" group. >> >>>> > To post to this group, send email to [email protected]. >> >>>> > To unsubscribe from this group, send email to >> >>>> > [email protected]. >> >>>> > For more options, visit this group at >> >>>> > http://groups.google.com/group/boltwire?hl=en. >> >>>> > >> >>>> >> >>>> -- >> >>>> You received this message because you are subscribed to the Google >> >>>> Groups "BoltWire" group. >> >>>> To post to this group, send email to [email protected]. >> >>>> To unsubscribe from this group, send email to >> >>>> [email protected]. >> >>>> For more options, visit this group at >> >>>> http://groups.google.com/group/boltwire?hl=en. >> >>>> >> >>> >> >> >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups >> > "BoltWire" group. >> > To post to this group, send email to [email protected]. >> > To unsubscribe from this group, send email to >> > [email protected]. >> > For more options, visit this group at >> > http://groups.google.com/group/boltwire?hl=en. >> > >> >> -- >> You received this message because you are subscribed to the Google Groups >> "BoltWire" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/boltwire?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "BoltWire" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/boltwire?hl=en. > -- You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/boltwire?hl=en.
