I'm very glad about this decision. Does it make sense to make the old behavior optional, maybe for intranet use? Currently, I don't need this. Just a thought.
Regards, Markus On Wed, Jan 26, 2011 at 12:17 AM, The Editor <[email protected]> wrote: > This makes sense. I'll fix the bug and change the default. > > Cheers, > Dan > > > On Tue, Jan 25, 2011 at 4:09 PM, Kevin <[email protected]> wrote: >> I can't really speak for others, but for me, I want the visitor, more often >> than not a search engine to know that what they are looking for does not >> exist. I have a number of very old sites which have thousands of hits to >> them for content that simply doesn't exist anymore and/or has been >> reformatted completely different. The current default it telling the search >> engine, they found it, when in fact they didn't so they keep updating their >> engine result as if there really was content there. >> >> There is a bit of a security aspect too... I'm sure we all have seen >> attempts to see if some particular package is installed on your site in a >> string of tests that hit all at once, Those bots typically collect the >> results and come back later to try to exploit them. With even bad hits >> showing up with 200 codes, it makes it look like you have all that stuff >> when you may have none of it. >> >> Last thing you need is to have some bot then hitting your site with tons of >> exploit attempts clogging up your traffic, logs etc.. >> >> Up until now, they all were reported as 200 Ok... example this morning... >> >> 94.63.246.3 "GET //admin/mysql/scripts/setup.php HTTP/1.1" 200 4484 >> 94.63.246.3 "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 4487 >> 94.63.246.3 "GET //admin/pma/scripts/setup.php HTTP/1.1" 200 4483 >> 94.63.246.3 "GET //admin/scripts/setup.php HTTP/1.1" 200 4473 >> 94.63.246.3 "GET //controls/ps3-dbadmin/scripts/setup.php HTTP/1.1" 200 4491 >> 94.63.246.3 "GET //db/scripts/setup.php HTTP/1.1" 200 4471 >> 94.63.246.3 "GET //dbadmin/scripts/setup.php HTTP/1.1" 200 4475 >> 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 >> 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 >> 94.63.246.3 "GET //mysql-admin/scripts/setup.php HTTP/1.1" 200 4477 >> 94.63.246.3 "GET //mysql/scripts/setup.php HTTP/1.1" 200 4474 >> 94.63.246.3 "GET //mysqladmin/scripts/setup.php HTTP/1.1" 200 4477 >> 94.63.246.3 "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 200 4479 >> 94.63.246.3 "GET //p/m/a/scripts/setup.php HTTP/1.1" 200 4482 >> 94.63.246.3 "GET //php-my-admin/scripts/setup.php HTTP/1.1" 200 4479 >> 94.63.246.3 "GET //php-myadmin/scripts/setup.php HTTP/1.1" 200 4478 >> 94.63.246.3 "GET //phpm/scripts/setup.php HTTP/1.1" 200 4473 >> 94.63.246.3 "GET //phpmanager/scripts/setup.php HTTP/1.1" 200 4477 >> 94.63.246.3 "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 200 4478 >> 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 >> 94.63.246.3 "GET //phpMyA/scripts/setup.php HTTP/1.1" 200 4479 >> 94.63.246.3 "GET //phpmyad-sys/scripts/setup.php HTTP/1.1" 200 4478 >> 94.63.246.3 "GET //phpmyad/scripts/setup.php HTTP/1.1" 200 4476 >> 94.63.246.3 "GET //phpMyAdmi/scripts/setup.php HTTP/1.1" 200 4481 >> 94.63.246.3 "GET //phpMyAdmin-2.10.0/scripts/setup.php HTTP/1.1" 200 4505 >> 94.63.246.3 "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 200 4485 >> 94.63.246.3 "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 >> 94.63.246.3 "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 200 4480 >> 94.63.246.3 "GET //phpMyAdmin2/scripts/setup.php HTTP/1.1" 200 4482 >> 94.63.246.3 "GET //phpMyAds/scripts/setup.php HTTP/1.1" 200 4481 >> 94.63.246.3 "GET //PMA/scripts/setup.php HTTP/1.1" 200 4475 >> 94.63.246.3 "GET //PMA2005/scripts/setup.php HTTP/1.1" 200 4479 >> 94.63.246.3 "GET //pma2005/scripts/setup.php HTTP/1.1" 200 4476 >> 94.63.246.3 "GET //sqlmanager/scripts/setup.php HTTP/1.1" 200 4475 >> 94.63.246.3 "GET //sqlweb/scripts/setup.php HTTP/1.1" 200 4474 >> 94.63.246.3 "GET //vhcs2/tools/pma/scripts/setup.php HTTP/1.1" 200 4495 >> 94.63.246.3 "GET //vhcs/tools/pma/scripts/setup.php HTTP/1.1" 200 4493 >> 94.63.246.3 "GET //tools/pma/scripts/setup.php HTTP/1.1" 200 4483 >> 94.63.246.3 "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 4492 >> 94.63.246.3 "GET //webadmin/scripts/setup.php HTTP/1.1" 200 4475 >> 94.63.246.3 "GET //webdb/scripts/setup.php HTTP/1.1" 200 4474 >> 94.63.246.3 "GET //websql/scripts/setup.php HTTP/1.1" 200 4476 >> 94.63.246.3 "GET //xampp/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 4494 >> 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 >> >> That bot (now blocked) thinks I've got all those goodies to play with when >> none of them are there or at least not setup in that fashion >> >> I have been updating all my sites to use it. >> >> On Tue, Jan 25, 2011 at 2:58 PM, The Editor <[email protected]> wrote: >>> >>> Looks like you are right Kevin. I will fix that along with a couple >>> other things and put out a new release soon. :) >>> >>> Just out of curiosity, should the default behavior be to use these >>> server headers or not? >>> >>> Cheers, >>> Dan >>> >>> >>> On Tue, Jan 25, 2011 at 12:53 PM, Kevin <[email protected]> wrote: >>> > Is this the right syntax? >>> > >>> > if (BOLTconfig('serverHeaders') == 'true') >>> > >>> > Seems that other things that look at BOLTconfig are using something >>> > like: >>> > >>> > BOLTconfig('BOLTautoLines', 'true'); >>> > >>> > Where the item being look for is preceded with BOLT >>> > >>> > Changing lines in engine.php seem to make it work.. >>> > >>> > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 404 Not >>> > Found'); >>> > >>> > and >>> > >>> > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 403 >>> > Forbidden'); >>> > >>> > On Tue, Jan 25, 2011 at 11:34 AM, Kevin <[email protected]> wrote: >>> >> >>> >> Dan, did you get a chance to see why this didn't work? >>> >> >>> >> I added serverHeaders: true and it made no difference. I tried the >>> >> same >>> >> on a few others with the same results. >>> >> >>> >> They return HTTP/1.1 200 OK >>> >> Regardless of what page I hit, existing or not. >>> >> >>> >> I see where the code is in engine.php, but I've not tried to setup some >>> >> sort of test to see if it is triggering or not. >>> >> >>> >> These are all 3.4.14. >>> >> >>> >> On Sun, Jan 23, 2011 at 7:38 PM, Kevin <[email protected]> wrote: >>> >>> >>> >>> Tried that and it didn't seem to make a change. Still outputs a 200 >>> >>> code. >>> >>> >>> >>> On Sun, Jan 23, 2011 at 7:22 PM, The Editor <[email protected]> wrote: >>> >>>> >>> >>>> Try putting serverHeaders: true in site.config and see if that works. >>> >>>> >>> >>>> We could make it the default easily enough. I'm open to arguments for >>> >>>> the pro's con's. >>> >>>> >>> >>>> Cheers, >>> >>>> Dan >>> >>>> >>> >>>> >>> >>>> On Sun, Jan 23, 2011 at 7:56 PM, Kevin <[email protected]> >>> >>>> wrote: >>> >>>> > I've noticed lots of hits for an older site from search engines for >>> >>>> > content >>> >>>> > that simply does not and should not exist. currently that triggers >>> >>>> > the >>> >>>> > action.missing page which from the logs shows it is return code of >>> >>>> > 200. >>> >>>> > >>> >>>> > Is there a way to get action.missing to issue a 404 code? >>> >>>> > >>> >>>> > Example log entry: >>> >>>> > >>> >>>> > ycar8.mobile.re3.yahoo.com - - [23/Jan/2011:19:23:42 -0500] "GET >>> >>>> > /greyhound.htm HTTP/1.1" 200 14435 "-" "YahooCacheSystem" >>> >>>> > >>> >>>> > I saw a posting titled "Reporting 404 messages to error logs" which >>> >>>> > someone >>> >>>> > was modifying the library.php but your reply indicated you had >>> >>>> > already >>> >>>> > added >>> >>>> > hooks to do this. >>> >>>> > >>> >>>> > Perhaps this should be a default ?? >>> >>>> > >>> >>>> > -- >>> >>>> > You received this message because you are subscribed to the Google >>> >>>> > Groups >>> >>>> > "BoltWire" group. >>> >>>> > To post to this group, send email to [email protected]. >>> >>>> > To unsubscribe from this group, send email to >>> >>>> > [email protected]. >>> >>>> > For more options, visit this group at >>> >>>> > http://groups.google.com/group/boltwire?hl=en. >>> >>>> > >>> >>>> >>> >>>> -- >>> >>>> You received this message because you are subscribed to the Google >>> >>>> Groups "BoltWire" group. >>> >>>> To post to this group, send email to [email protected]. >>> >>>> To unsubscribe from this group, send email to >>> >>>> [email protected]. >>> >>>> For more options, visit this group at >>> >>>> http://groups.google.com/group/boltwire?hl=en. >>> >>>> >>> >>> >>> >> >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> > Groups >>> > "BoltWire" group. >>> > To post to this group, send email to [email protected]. >>> > To unsubscribe from this group, send email to >>> > [email protected]. >>> > For more options, visit this group at >>> > http://groups.google.com/group/boltwire?hl=en. >>> > >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "BoltWire" group. >>> To post to this group, send email to [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]. >>> For more options, visit this group at >>> http://groups.google.com/group/boltwire?hl=en. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "BoltWire" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/boltwire?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "BoltWire" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/boltwire?hl=en. > > -- You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/boltwire?hl=en.
