>    I don't know how this could possibly happen...
> 
>    on 2 of my websites, someone hacked into the admin areas 
> and changed hundreds of things by clicking links.  I log 
> every action taken, along with the IP address of who did it 
> and traced back the IP to googlebot.
> 
>    I was using IIS basic authentication.... and I use the Google 
> toolbar..
>   Is it possible that google captured my password when I 
> visited the site?

This sounds like the Google Web Accelerator:

http://webaccelerator.google.com/

Do you have this installed?
 
>    To quick fix it, I changed my passwords, and my robots.txt 
> file to disallow those directories..  but isn't that a 
> security risk in itself? Advertising which directories are secret?

You don't block Google for security reasons, you do it to keep it from
crawling things you don't want crawled. Listing private directories in
robots.txt is a potential leakage of information, but is relatively
inconsequential if your private content is properly secured. If you don't
have any links to those directories in your public content, you shouldn't
need to put them in robots.txt, although I probably would as a matter of
course.

> I also added another layer of protection -  setting a cookie 
> when they log in... supposedly googlebot can't handle cookies.

Google Web Accelerator can, I think.

>    Eventually I will change the system to use forms instead 
> of links... but changing that will be a lot of work.

This is the real issue. HTTP GET requests shouldn't be able to change
anything:

http://en.wikipedia.org/wiki/Idempotence_(computer_science)

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
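The point about GET requests, as an added example that is not part of the original thread: a simulated admin endpoint in the "delete via link" style the poster describes, next to a hardened version that only changes state on a POST carrying a per-session CSRF token, and a model of a link-prefetching accelerator that follows every href it sees. All names (`make_store`, `handle_vulnerable`, `handle_hardened`, `prefetch_all_links`) and the sample records are assumed for the illustration.

```python
"""Constructed model: state-changing GET links vs. POST with a CSRF token."""
import re
import secrets


def make_store():
    """Constructed sample data plus a per-session anti-CSRF token."""
    return {"records": {1: "a", 2: "b", 3: "c"}, "csrf": secrets.token_hex(16)}


def admin_page(store):
    """Admin listing with a plain 'delete' link per record, as on the original site."""
    return "".join(f'<a href="/admin/delete?id={i}">delete {i}</a>'
                   for i in store["records"])


def handle_vulnerable(store, method, path, params, cookies):
    """Before: any GET to /admin/delete?id=N removes record N.

    The cookie check mirrors the poster's 'extra layer'.  A prefetcher running
    inside the logged-in browser still sends that cookie, so it does not help.
    """
    if cookies.get("session") != "valid":
        return 401
    if path == "/admin/delete":
        store["records"].pop(int(params["id"]), None)
        return 200
    return 404


def handle_hardened(store, method, path, params, cookies):
    """After: the state change requires POST and the session's CSRF token."""
    if cookies.get("session") != "valid":
        return 401
    if path == "/admin/delete":
        if method != "POST":
            return 405  # GET is safe/idempotent: nothing changes
        if not secrets.compare_digest(params.get("csrf", ""), store["csrf"]):
            return 403
        store["records"].pop(int(params["id"]), None)
        return 200
    return 404


def prefetch_all_links(html, handler, store, cookies):
    """Model of a link-prefetching accelerator: GET every href on the page."""
    for href in re.findall(r'href="([^"]+)"', html):
        path, _, query = href.partition("?")
        params = dict(p.split("=", 1) for p in query.split("&") if p)
        handler(store, "GET", path, params, cookies)
    return len(store["records"])  # records left after the crawl
```

Against `handle_vulnerable` the prefetcher empties the store despite the valid cookie; against `handle_hardened` every link yields 405 and nothing is lost, while a genuine POST with the right token still deletes.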


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:256061