The mystery has been solved.
We recently gave the client a copy of the full log files from the past
three years. It sounds like they loaded the log files into
NetTracker/6.0 Enterprise and hit "GO". Lucky thing that the admin
pages are coded to require a user to be login via a session var in order
to access the admin pages. It would not have been fun to restore form
back up all of the data that could be deleted from the admin pages.
(130ish admin pages that control the site content)
We promptly told them to stop. Any data that they would get form 3
years of log file spidering would be very inaccurate. So many of the
pages have been renamed , moved .etc.
Mark W. Breneman
-Cold Fusion Developer
-Network Administrator
Vivid Media
[EMAIL PROTECTED]
www.vividmedia.com
608.270.9770
-----Original Message-----
From: Andre Turrettini [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 4:42 PM
To: CF-Talk
Subject: RE: Bots / spiders finding unlinked pages... How?
Also, I'd look in your logs. I'd find the reference relating to your
search
engine and the hidden page. It should tell you the name of the program
that
requested it. Then look for references just before it. One of those
pages
might have told the engine about your hidden page.
DRE
-----Original Message-----
From: Andre Turrettini [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 3:22 PM
To: CF-Talk
Subject: RE: Bots / spiders finding unlinked pages... How?
does the program tell you the refering pages? On google you can find
out
how many sites have links to yours.
Also, you might want to check that none of your hidden files are the
folder
default files as well.
DRE
-----Original Message-----
From: Ian Skinner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 1:55 PM
To: CF-Talk
Subject: RE: Bots / spiders finding unlinked pages... How?
Another way, I've heard of "hidden" files being found is by user's
browsing.
If a user was looking at one of these non-linked files, then moved onto
another page. The URL of the hidden file is available as
"HTTP-Referrer"
This could then be followed back to the original file.
--------------
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA
-----Original Message-----
From: Mosh Teitelbaum [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 12:06 PM
To: CF-Talk
Subject: RE: Bots / spiders finding unlinked pages... How?
One possible way is if you have a search feature built into your site.
Internal search engines index files not by URL but by directory/file and
would therefore find "hidden" documents. If the spider can somehow
access a
search results page (submit a blank form maybe?) those files might show
up.
Regardless, never assume that a file is safely hidden on your website
simply
because it is not linked to. There have been several high profile
"finds"
of "hidden" files ranging from obituaries for people who were not dead
to
sensitive internal documents. As a rule, don't put anything on a web
server
unless you're willing to let people see it.
--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
Email: [EMAIL PROTECTED]
WWW: http://www.evoch.com/ <http://www.evoch.com/>
<http://www.evoch.com/>
<http://www.evoch.com/>
-----Original Message-----
From: Mark W. Breneman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 12:42 PM
To: CF-Talk
Subject: OT:Bots / spiders finding unlinked pages... How?
One of our clients' IS department just got NetTracker/6.0 Enterprise and
has set it loose on the site. It has found several pages that are not
linked from any where. I do not have directory browsing turned on and I
know these pages are not linked from any page..
How is it possible that it found these unlinked pages?
Can other Bots / spiders also find unlinked pages?
Thanks
Mark W. Breneman
-Cold Fusion Developer
-Network Administrator
Vivid Media
[EMAIL PROTECTED]
www.vividmedia.com
608.270.9770
_____
_____
_____
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
