That's no good, but are you sure it's targeting CakePHP and not just any sites based on an MVC framework or that use RESTful URLs? That's a pretty standard routing pattern these days (I assume you meant to say "/admin/model/action", not "/model/admin/action"), and I'm pretty sure that more than a few frameworks/CMSes use it.
But regardless of whether Cake sites are being targeted by spammers or not, you shouldn't have a public website with unprotected admin URLs. If you're using admin routing, then you can just use the Auth component, which will restrict access to all actions except for login/logout, and then specifically allow the public actions you need to give access to. That way, you'll never have any unprotected admin URLs that you simply forgot about removing or protecting.

On May 13, 4:36 am, Stuart Cross <[email protected]> wrote:
> I have seen evidence of SPAM spiders hunting for BAKE'd Cake sites
> with unprotected admin urls. They are simply using the model names
> from urls and hitting model/admin/add model/admin/edit/n in the access
> logs. May seem obvious but check you lock down your admin methods and
> remove unwanted baked methods. We did actually get hit by this but the
> table was overwritten hourly from an external source so took us a
> while to notice (Forgot to remove the un-needed baked controller).
>
> Anyone else seen CakePHP directly targeted by SPAMers / Hackers?
>
> Check out the new CakePHP Questions site http://cakeqs.org and help others with
> their CakePHP related questions.
>
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected] For more options, visit this group
> at http://groups.google.com/group/cake-php?hl=en
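An added example, not part of the original thread: a small access-log check for the pattern discussed above, flagging admin add/edit/delete URLs (in either URL order mentioned in the thread) that were answered with a 2xx status. It assumes Combined Log Format; the model names, addresses and log lines are constructed, and a 2xx from a known administrator's address still has to be ruled out by hand.

```python
import re
from collections import defaultdict

# Combined Log Format: client address, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Both orders from the thread: /admin/model/action and /model/admin/action.
ADMIN_RE = re.compile(
    r'^/(?:admin/(?P<m1>\w+)|(?P<m2>\w+)/admin)'
    r'/(?P<action>add|edit|delete)(?:/\d+)?/?(?:\?|$)')

def unprotected_admin_hits(lines):
    """Return {(model, action): {clients}} for admin requests served with 2xx.

    A protected action answers an anonymous request with a redirect to the
    login page (3xx) or a 401/403, so a 2xx on these paths needs review.
    """
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable log line
        client, _method, path, status = m.groups()
        a = ADMIN_RE.match(path)
        if a and status.startswith("2"):
            hits[(a["m1"] or a["m2"], a["action"])].add(client)
    return dict(hits)

# Constructed sample lines (documentation address ranges, hypothetical models).
TS = "[13/May/2010:04:12:01 +0000]"
SAMPLE = [
    f'203.0.113.9 - - {TS} "GET /posts/admin/add HTTP/1.1" 200 5120 "-" "bot"',
    f'203.0.113.9 - - {TS} "POST /posts/admin/add HTTP/1.1" 200 312 "-" "bot"',
    f'203.0.113.9 - - {TS} "GET /posts/admin/edit/7 HTTP/1.1" 200 4801 "-" "bot"',
    f'198.51.100.4 - - {TS} "GET /admin/comments/add HTTP/1.1" 302 0 "-" "bot"',
    f'198.51.100.4 - - {TS} "GET /posts/view/7 HTTP/1.1" 200 2210 "-" "Mozilla"',
    f'192.0.2.77 - - {TS} "GET /admin/pages/delete/3 HTTP/1.1" 200 95 "-" "bot"',
]

if __name__ == "__main__":
    for (model, action), clients in sorted(unprotected_admin_hits(SAMPLE).items()):
        print(f"{model}/{action}: served 2xx to {sorted(clients)}")
```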
