vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Google/Guest reads an admin thread? (https://vborg.vbsupport.ru/showthread.php?t=208756)

Peter Ostry 03-19-2009 01:16 AM
Google/Guest reads an admin thread?
 
We see at least two Google bots trying to look into an admin forum. What should the screenshot below tell us and how do these bots get into this forum as guests?

http://img.skitch.com/20090319-bdp8q...gs2dxbj3ac.jpg

Could there be problems with forum permissions? The admin fora are normally not visible for guests or registered users. We haven't checked the serverlogs yet but I call this a serious security issue. Btw, the thread shown in the screenshot was opened by an admin because of this undesirable activity.

Swampfox 03-19-2009 01:22 AM
See the stop sign? they are only viewing the no permissions page

Peter Ostry 03-19-2009 01:49 AM
Thanks for trying to calm me down but I see only a red image delivered by a software under certain circumstances. We have seen the bots accidently on two different threads, both threads wrapped into an admin-only forum. As vBulletin showed the access, the respective thread was the topmost under a row of stickies. I do not blame vBulletin yet, I am just not sure that these Google crawlers can not read the title of the threads.

We can certainly learn more in a couple of hours when the admin scans the serverlog. But I am currently not relaxed.

Lynne 03-19-2009 02:38 AM
A bot is simply an Unregistered user. Check the permissions for that group. And, if you don't believe those, logout of your forum and see what you can see. Whatever you can see is what a bot can see.

nexialys 03-19-2009 02:39 AM
do you have GoogleAds on your site? any Banners engine? Google Analytics will also check all the pages that you visited, because they log your pages content for keywords etc

Peter Ostry 03-19-2009 05:35 PM
I checked the server log and, as an unregistered user, tried many of the URLs called by the Google bots. I saw only the login page. You were right and I am relieved.

One issue remains, the origin of the concern. I can reproduce it with one browser, but it is easier to test with two:
  • I log in as an admin in browser A and browser B.
  • In browser A I go to the restricted admin area and spend some time there, reading threads.
  • In browser B I go to "View who is online" and can observe the way of the admin in browser A. The correct thread title is shown. BUT: the user name is "Guest" and the IP address belongs to a Google bot.
huh?

Is this a bug or do I have a little google glued to my shoes?

nexialys 03-19-2009 05:49 PM
if you refresh a page from one browser to the other, you are still user X, so you share the session between the browsers, and you are in a single place.. the other detail is the google bot itself, not your other user.

Peter Ostry 03-20-2009 09:29 AM
Quote:
Originally Posted by nexialys
you share the session
Sure it's me, this is the point.

---

I did a couple of other tests and guess I know what's going on: it looks like vBulletin's information is accurate and the bot is attached to myself:

http://img.skitch.com/20090320-pbfmx...agc8u4k7br.jpg

Peter Calgary is one of my test accounts and Peter Ostry is my admin account (same IP). The "guest" is a Google bot. It seems to follow Peter Ostry wherever he is. I am the one who ordered the GoogleAds. If this is related, I am not amused about the potential security risk and will remove this stuff as soon as possible. But however, the issue doesn't seem to be vBulletin related.


All times are GMT. The time now is 03:07 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01136 seconds
  • Memory Usage 1,722KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete