thedailywtf.com — Josh was called in to investigate and noticed that one particularly troublesome external IP had gone in and deleted *all* of the content on the system. The IP didn't belong to some overseas hacker bent on destroying helpful government information. It resolved to googlebot.com, Google's very own web crawling spider. Whoops.
Mar 28, 2006 View in Crawl 4
craigtheguruMar 28, 2006
Moral of the story: be competent.
kitchenMar 29, 2006
the author of the site in TFA is a clueless idiot.
taktMar 29, 2006
Hope they backed up!
paktuMar 29, 2006
If you haven't had the chance, check out the pop-up potpourri threads in their forums. Some of the funniest s**t I've seen in weeks.
Closed AccountMar 29, 2006
"It always cracks me up when the younger generation uses terms like "Wow.. Just Wow...". It's almost as if you are searching for a word. You should get one of those um.. word books.. um.. that .. like.. has, you know.. a lot of words that are similar.. um.. grouped together."Wow...just...wow...I really dont know how to respod to that
vortexmindMar 29, 2006
ROTFL
riskableMar 29, 2006
You're forgetting one thing: Nothing is foolproof because fools are so ingenious.Hiring a developer to write a wiki/CMS from scratch for your company: FoolishMoving all content by copying and pasting over the course of months instead of using scripts (or at least automation tools): FoolishIs it much of a stretch to think that they might be so foolish as to implement a completely worthless authentication method?-Riskable<a class="user" href="http://www.riskable.com">http://www.riskable.com</a>"I have a license to kill -9"
jasqwertyMar 29, 2006
Still don't get it. Google, as most spiders, don't crawl through buttons or form submits, only explicit GET hrefs. So like I said, issuing a GET for the../../../delete.html page deleted content? That's just so stupid I doubt anyone would implement it.
1ivewireMar 29, 2006
People certainly have sued for stupider reasons. Of course, Google lawyers would find so many reasons for declaring the coders incompetent that the final penalty would be about $5.
ljacksonMar 30, 2006
Sometimes old school web programming is the best solution.
Closed AccountDec 27, 2006
Sample link: <a class="user" href="http://mysite.com?delete=123">http://mysite.com?delete=123</a> >delete me Sample code:If ( ! empty ( $_GET["delete"])) { => run delete query in MySQL }Result:When googlebot connects to <a class="user" href="http://mysite.com?delete=123,">http://mysite.com?delete=123,</a> it automatically runs the "delete" command.Solution:If ( ! empty ( $_POST["delete"])) { => run delete query in MySQL }
Closed AccountDec 27, 2006
Better solution:If ( ! empty ( $_POST["delete"]) && ($_SESSION["user-id"] == "unique user-based md5 hash")) { => run delete query in MySQL }
hello1024Aug 26, 2009
It's actually pretty hard making all GET requests have no user visible side effects - to do it you need millions of <forms> and hidden form elements - a total PITA!It's one of those RFC's I only stick to for critical stuff or where it's easy to do. Modern browsers don't treat GET very differently from POST anyway. POST has other annoying things like that dialog that appears when you refresh the page which is unacceptable, and the only way to avoid it is a redirect after every POST, which slows everything down.
hello1024Aug 26, 2009
sad but true...
hello1024Aug 26, 2009
Moving all content by copying and pasting over the course of months instead of using scripts (or at least automation tools)Not Foolish. Get the users to do it and at the same time you'll get all the content checked, updated, and re-organised. Scripts can't do that. End result you get a better system, at the expense of more user time.
riskableAug 26, 2009
Hello1024, I understand the concept behind what you're saying (it is a good way to fact-check and update documentation) but the cost of such a process would be far too expensive. Even if it only took two hours of each employee's time that cost will add up to a significant amount more than if you just had ONE sysadmin or programmer automate the process.A wiki is supposed to be on-going, ever-changing documentation anyway. The value added by having everyone pour over every page is diminished by this fact.-Riskable<a class="user" href="http://riskable.com" rel="nofollow">http://riskable.com</a>&quot;If you have a plethora of tools every problem starts to look like a chance to use your imagination."