[MLB-WIRELESS] Re: Melbourne Wireless reminder / node cull

Tyson Clugg tyson at wireless.org.au
Mon Aug 19 11:10:23 EST 2002


Someone was using wget to pull down a copy of the site.  Since wget by
default will follow any link (regardless of exclusion statements in
robots.txt), it triggered the password retrieval script for every node.  As
Drew said, we now have some rules in to help prevent this from happening.

In the meantime, I'm working on a better solution to the bot issue which
will be able to block hostile bots (the ones that don't follow the
robots.txt exclusion standard).  This should stop spam bots and people being
stupid with wget, while allowing nice bots like the google bot to operate
unhindered.

With respect to passwords sent via cleartext over e-mail - let's not start a
new holy war.  If you can suggest a method by which anyone with a plain text
e-mail client and a basic web browser can have their passwords set if they
forget, then please, make that suggestion directly to me and we will see if
it can be implemented on the site.

Cheers,
Tyson.
___________________________

   Tyson at wireless.org.au
 Treasurer at wireless.org.au
   B/H: +61 3 9545 8117
   A/H: +61 3 9887 0117
   Mob: +61 4 0889 7662
___________________________

----- Original Message -----
From: "Andrew Griffiths" <nullptr at tasmail.com>
To: <melbwireless at wireless.org.au>
Sent: Sunday, August 18, 2002 8:37 PM
Subject: Re: [MLB-WIRELESS] Re: Melbourne Wireless reminder / node cull


> Hi Drew,
>
> On Saturday, August 17, 2002 at 11:11:22 AM, Drew wrote:
>
> > Someone from an Italian ISP, or someone with a shell account there
> > crawled the site, we've taken steps to prevent this from happening
> > again. For those mailing me worried about their passwords, relax, the
> > mail went to you, not anyone else.
>
> If it was a bot, then the potential for an attacker to gather passwords
(Since it is sent cleartext).
>
> If it was a signle person or mebe a group of people that where targeted,
can we be certain that an attacker hasn't compromised any routers along
wireless.org.au and your email/pop/imap/* server, or servers holding peoples
email en route, etc?
>
>
>
> --
> www.tasmail.com
>
>
>
> To unsubscribe: send mail to majordomo at wireless.org.au
> with "unsubscribe melbwireless" in the body of the message
>


To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message



More information about the Melbwireless mailing list