[clug] googlebot doing funny things in logs

Hal Ashburner hal at ashburner.info
Wed Jun 15 21:08:47 MDT 2011 

On 16/Jun/11 9:54 AM, Alex Satrapa wrote:
> On 15/06/2011, at 16:47 , Scott Ferguson wrote:
>
>> But please do implement .htaccess files, and check those permissions -
>> there's enough malware servers out there infecting Windows machines that
>> then slow my firewall down with their incessant attempts to spread their
>> diseases. ;-p
> I'd also suggest the following advice:
>
> Don't leave stuff on an Internet-facing host that you don't want to be accessible over the Internet. Your home network is not too small to matter. Your home network is not too small to be noticed.
>
> It's really simple: someone out there already knows a vulnerability which you and your OS publisher haven't heard of yet. If you start putting complex applications intended for individual use on an Internet-facing host, chances are you're opening a vulnerability which will end up being exploited by someone like lulzsec. The more junk you have installed on the Internet-facing host — regardless of whether it's listening to connections or just installed and "doing nothing — the more opportunities an intruder has of using your machine for their own purposes.
>
> There's a lot more to securing a machine than simply installing a firewall and DROPping every packet you don't like.
>
Tee hee! There's even more to securing a machine than that! :P
You've actually got to unplug it completely from the network "as Pwn2own 
has shown", just because you're running no services doesn't mean you 
can't be hacked. (Ooohhhh sorry ESR, cracked - now let me explain to the 
world that you reckon cracked means hacked, while hacked means something 
that doesn't lead the conversation to ESR being a gun nut who writes 
articles with titles like "Sex tips for geeks") ;-)

Then, because of wireless, bluetooth, ir, van-eck phreaking etc you've 
actually got to switch the machine off, unplug it and take out the 
battery if there is one.
But this still leaves the physical access attack vector, so you've got 
to make sure it can't be switched on. With an axe.
Drives could be swapped out to another machine - so they'd better be 
unreadable too. Encrypted isn't good enough because they could torture 
the password out of you even if the encryption scheme is "technically" 
perfect....

Or option B is to trade off a reasonable assessment of the risk and the 
cost with the value of the service while trying to minimise the first 
two to some reasonable degree then make your trade off. There are those 
who do this professionally, some on this list, who can answer questions 
about the practicalities of it better than me.  Reckon you're one of 
them Alex! So are you recommending nobody run services visible to the 
web unless they treat they are experts who are willing to spend more 
than N hours a week securing it?
Mythweb == evil ? ssh tunnel and use a curses interface (write it if it 
doesn't exist) : ssh tunnel and use mythweb invisible to the web as 
htdigest isn't remotely good enough;
DMZ the machine from the lan and keep nothing on the disks other than tv 
stuff?
Something else? What say you, i'd be interested to hear your (and 
others) reasoning.


--------

But back to the original point how does google even know that /mythweb 
exists, given nothing links to it, it's not my usual location for it, it 
is, and I believe always has been behind a password, and until I forgot 
it on the machine changeover on the weekend there was a robots.txt 
disallowing everything from anyone if they're remotely polite - which 
googlebot claims to be and usually seem to be.

1) I must have originally had it placed at /mythweb and linked from my 
front page and have forgotten I did this over 2 years ago while exposing 
it via the firewall.
2) I must have not had a robots.txt at that time as well as now.
3) I must have let the password protection down at that time.
4) Googlebot must have proceeded to do "it's normal practice" following 
links and indexing pages with all of these things simultaneously in 
effect and also remembered all this about my domain for over 2 years, 
then followed the memory of links rather than actual links, while 
keeping the memory of links in its index when refused access.
And there's basically no enquiry I can make with google about it.

Any one of those I'd say, absolutely fair enough, I'm a goose and I make 
mistakes and the mythweb setup was an experimental diversion, much as 
the whole mythtv thing was and is.
Two of them, yeah why not, coins land heads 4 times in a row, sure.
Three, sure, slap my head about being a bigger goose than I thought but 
we all have bad days, right? And I probably was having at least one or 
two of those 2 years ago now I think about it.
3 + google having an index of the structure of links from over 2 years ago?
Well okay. It *is* possible. Interesting if that's what it is, though, 
huh? I'd also have thought all that occurring simultaneously unlikely. 
If there's no alternative explanation I guess I'd have been doing some 
wrong thinking about that too.

As it is, there's no damage done, presumably the Goog will "forget" the 
no longer relevant links that are on it's page for my domain one day 
given they're not even indexed, but it might take more than 2 years. 
It's just a bit weird. So yeah, the "best" explanation I have is is 
"iSuck" and google odd.

And if nobody else sees anything like it in the world I guess we can 
safely say that Googlebot is not conducting "research" or I can have 
paranoid fantasies about being specifically targeted by googlebot which, 
I'd have to say, is very unlikely. A lot less likely than them 
acknowledging and apologising for their repeated telephone script "our 
engineers were brainstorming and suggested you'd be ideal for google and 
google wants you - but please read this ad and then passionately make 
your case why google should deign to consider you." Then going on to 
refusing to put me in touch with one of these engineers who they claim 
are friends of mine and who personally recommended me to discuss why 
they would think such a thing and /whether/ I'm any kind of fit for goog 
- which I might well not be at all. Common sense tells you it's just a 
bit of webstalking by paid placement consultants who are not google 
employees priming applications - paid on commission for applicants who 
get through weeks of interviews, still want the gig, and get hired - to 
the tune of 25% of salary. A good probability high paying raffle ticket 
for a couple of phonecalls and some web searching. If you toy with them 
long enough they'll admit to the initial scripted dishonesty. The 
placement consultant industry sucks very hard as most of us are aware - 
Google are no different to the norm for large, poisonous corporations on 
that front even if they do make claims to be different on other fronts. 
I'd love it if they took to that wart on their face, head on, as it were 
and disrupted the odiousness of the industry, wouldn't we all? Some also 
want ponies, ponies that defecate world peace... ;-)

Thanks all for your thoughts.
Hal

More information about the linux mailing list