(0)
T0PS3O sent me a PM about this thread at DigitalPoint forums. The thread uncovers a security loophole in CJ's template repository management system. It was discovered when a DigitalPoint member asked;
When I check my site log stat. I found this dns ace.cj.com with ip address 216.34.209.23. It crawl every pages of my site. Are you familiar with it?
After more digging, one found the issues:
1. They have this machine publicly-accessible (it's not their main web server, somebody actually put in on the outside). 2. This apparently wasn't enough publicity for them and somebody ran/running a crawler on this machine, which identifies the machine to all the sites it's visiting. 3. There's no authentication of any kind for this system.
More information at the DigitalPoint thread.
