Googlehack Tracking202
If I had an exploitable flaw in Tracking202, like an SQL injection bug, and was a real prick looking for easy targets, I might run the following query on Google:
allinurl:”tracking202/redirect”
That happily returns a couple hundred thousand results… All Tracking 202 servers.
Its always a good idea to secure your shit…
A robots.txt won’t stop a hacker of any kind – but ye’olde security through obscurity shouldn’t be underestimated… It will stop all well-behaved search engines if you add the following to a file named robots.txt in the root of your domain.
User-agent: * Disallow: /
Yup, it’s that easy.
hackwack, and 
Mike Chiasson 1:38 am on June 15, 2010 Permalink |
Heh yeah I seen this one a while ago. This is just like Nicky Cakes landing page protect thing. Sometimes they just make you an obvious target.
I should have my SSL setup on my tracking202 server by tomorrow and then I might actually start using it.
negbox 5:02 am on June 15, 2010 Permalink |
Its a balancing act too. Usually the more secure you make your system, the harder it is to use!
My recent post Googlehack Tracking202
hackwack 8:09 am on June 18, 2010 Permalink |
Tracking202 isn't secure!!!
negbox 5:52 pm on June 18, 2010 Permalink |
You're probably right, it isn't secure – at least not against a determined attacker. I personally don't have the skills to crack open a server like that… I do know nothing is really secure given enough cash to hire the right folks, which isn't really that much considering exchange rates. I'm all ears open to suggestions on the tracking aspect. Develop my own stuff? Fly blind?
My recent post WordPress 3 Released!