Commission Junction Security Hole Discovered

Jul 22, 2005 - 4:28 pm 0 by

T0PS3O sent me a PM about this thread at DigitalPoint forums. The thread uncovers a security loophole in CJ's template repository management system. It was discovered when a DigitalPoint member asked;

When I check my site log stat. I found this dns with ip address It crawl every pages of my site. Are you familiar with it?

After more digging, one found the issues:

1. They have this machine publicly-accessible (it's not their main web server, somebody actually put in on the outside). 2. This apparently wasn't enough publicity for them and somebody ran/running a crawler on this machine, which identifies the machine to all the sites it's visiting. 3. There's no authentication of any kind for this system.

More information at the DigitalPoint thread.


Popular Categories

The Pulse of the search community


Search Video Recaps

Video Details More Videos Subscribe to Videos

Most Recent Articles

Search Forum Recap

Daily Search Forum Recap: May 24, 2024

May 24, 2024 - 10:00 am
Search Video Recaps

Search News Buzz Video Recap: Google Ranking Volatility, Ads In Google AI Overviews, Sundar Pichai Interview, Heartfelt Helpful Content & More Ad News

May 24, 2024 - 8:01 am
Google Search Engine Optimization

Google: The Site Reputation Abuse Policy Enforcement Not Yet Algorithmic

May 24, 2024 - 7:51 am
Google Search Engine Optimization

Google Search Can Now Index Electronic Publication (EPUB)

May 24, 2024 - 7:41 am

Directory Of Embarrassing Google AI Overviews

May 24, 2024 - 7:31 am
Web Analytics

Google Analytics Real-Time Reports Adds Users In Last 5 Minutes

May 24, 2024 - 7:21 am
Previous Story: Brazilian Use Orkut as Drug Selling Network