2011-02-08, 07:58 AM
Pages: 1 2
2011-02-08, 08:16 AM
I have no idea what happens but I do not recommend this.
2011-02-08, 09:09 AM
do they make bots run queries that admin can do, if we give them admin permissions? as everyone can know what are the admin queries that are executed, if we look into mybb package.
2011-02-08, 09:29 AM
Don't really know for sure, but why on earth would you want to do this?? You'll gain absolutely nothing from it whatsoever...
2011-02-08, 10:59 AM
Why would you do this? People can just change their user agent to Googlebot and access your admin features. Change it asap!
2011-02-08, 12:32 PM
are really admin and moderator features available to them?
i thought they would just get 'read' access as the group they are in.
i thought they would just get 'read' access as the group they are in.
2011-02-08, 01:04 PM
1) Doing this is against Google's Website Crawling Policy and your site will be penalised.
2) The googlebot won't be hacked because it belongs to Google, the chance they'll ever be hacked is 1%
3) This is completely pointless.
2) The googlebot won't be hacked because it belongs to Google, the chance they'll ever be hacked is 1%
3) This is completely pointless.
2011-02-08, 08:06 PM
(2011-02-08, 01:04 PM)Shukaku Wrote: [ -> ]1) Doing this is against Google's Website Crawling Policy and your site will be penalised.
2) The googlebot won't be hacked because it belongs to Google, the chance they'll ever be hacked is 1%
3) This is completely pointless.
No one's talking about hacking the Google Bot!? (how the hell do you hack a bot?)
Anyway, @OP MyBB checks if the visitor is a bot which is in your list (e.g. Google Bot) by checking against the user agent. So, if I go to your website and change my user agent to the Google's user agent I'll be able to gain admin rights which is not what you want.
What I highly recommend you is that you immediately change the user group of the bots.
I do not know if bots can view the forum like regular users (haven't checked the code for that) but probably yes so...your forum is definitely exposed.
Edit:
It seems I was incorrect. The ACP link is only shown if you're logged in and in order to login you must have an account. To login to ACP you need an account too and bots do not have an account, thus they can't access ACP. There should be no problem at all but still, you don't need it.
2011-02-08, 08:11 PM
(2011-02-08, 08:06 PM)Pirata Nervo Wrote: [ -> ]Er, no. I said "The chance that they'll ever be hacked is 1%." which is talking about Google, not their bot...(2011-02-08, 01:04 PM)Shukaku Wrote: [ -> ]1) Doing this is against Google's Website Crawling Policy and your site will be penalised.
2) The googlebot won't be hacked because it belongs to Google, the chance they'll ever be hacked is 1%
3) This is completely pointless.
No one's talking about hacking the Google Bot!? (how the hell do you hack a bot?)
Anyway, I'll stay clear of this thread to avoid an argument
2011-02-08, 08:13 PM
(2011-02-08, 08:11 PM)Shukaku Wrote: [ -> ](2011-02-08, 08:06 PM)Pirata Nervo Wrote: [ -> ]Er, no. I said "The chance that they'll ever be hacked is 1%." which is talking about Google, not their bot...(2011-02-08, 01:04 PM)Shukaku Wrote: [ -> ]1) Doing this is against Google's Website Crawling Policy and your site will be penalised.
2) The googlebot won't be hacked because it belongs to Google, the chance they'll ever be hacked is 1%
3) This is completely pointless.
No one's talking about hacking the Google Bot!? (how the hell do you hack a bot?)
Anyway, I'll stay clear of this thread to avoid an argument
No one is talking about hacking Google, I don't really understand what you mean. I edited my other post by the way, it seems it is not insecure at all.
Pages: 1 2