I don't know how this could possibly happen... on 2 of my websites, someone hacked into the admin areas and changed hundreds of things by clicking links. I log every action taken, along with the ip address of who did it and traced back the ip to googlebot.
I was using IIS basic authentication.... and I use the google tool bar.. Is it possible that google captured my password when I visited the site? I tried accessing those directories from a different computer, and I can NOT get in without entering a password. Has this happened to anyone else? To quick fix it, I changed my passwords, and my robots.txt file to disallow those directorys.. but isn't that a security risk in itself? Advertising which directories are secret? I also added another layer of protection - setting a cookie when they log in... supposedly googlebot can't handle cookies. Eventually I will change the system to use forms instead of links... but changing that will be a lot of work. Al. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:256056 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
