Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Alexa Monkey Business

__/ [www.1-script.com] on Thursday 13 October 2005 16:03 \__

> Roy Schestowitz wrote:
>> I have just found in my logs a request for one hidden file. That
>> request was
>> /not/ from an IP address that is mine. Made me very worried...
>> I then proceeded to reverse DNS lookup and guess what? The
>> Alexa/Amazon/A9
>> toolbars are not only keeping track of traffic, but also retain URL's
>> of
>> pages that you visit and /use/ them, i.e. visit them and maybe crawling
>> them. Knowing that the Web Archive, AKA Time Machine belongs to Alexa,
>> this
>> is scary at the least. These visits from Alexa might include hidden
>> page
>> that you may have on your fileserver and occasionally access. Handle
>> with
>> care!
>> Roy
> Hey, Roy!
> You thought I sound paranoid when I replied to your "Semantic Searches -
> Knowledge Engines", haven?t you? What do you think about the search
> engines vs. privacy case now? ;-)


> I guess, the best way to hide a file would be to
> #1 get rid of Alexa toolbar

Quite frankly, I only use it for falsified ranks (I won't deny it and I'll
be bluntly honest as I usually am). I do, however, use the Netscraft
toolbar quite heavily (i.e. roll my eyes towards it). It is spying well,
but it provides many valuable facts that complement the page and give some
context. I can't live without it any longer.

> #2 password-protect the directory it's in if you must have it
> Web-accessible

My personal directory (schestowitz.com/RSS) used to be supposedly 'hidden'
rather than password-protected until a year ago (it's almost 3 years of
age). I learned my lesson as people could access my so-called
dashboard/portal by looking at 'History' (public/friends' terminal).

> #3 anything that does not absolutely have to be accessible should be moved
> above the /public_html/ (or your other Wed root) folder

Yes, I now use /tmp for sql dumps that the cron jobs take care of. I also
use the top-level directory for data transfers on occasions. I did not use
to do it, which is glaringly dangerous.

> #4 every so often change its location. Make it name and location if you
> feel a bit more paranoid now ;-)

It no longer exists. The reason I noticed Alexa's behaviour is that a 404
had been flagged. It was a good reminder as to why I must check it every do



Roy S. Schestowitz      | Useless fact: Sharks are immune to cancer
http://Schestowitz.com  |    SuSE Linux    |     PGP-Key: 74572E8E
  4:45pm  up 49 days  4:59,  3 users,  load average: 1.25, 0.83, 0.61
      http://iuron.com - next generation of search paradigms

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index