Access Rights, aidlinks What's Google Doing?: The Chill Out Zone

Home
Search

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

Hi,

First off administration/errors.php

Code Download source

if (!checkrights("ERRO") || !defined("iAUTH") || !isset($_GET['aid']) || $_GET['aid'] != iAUTH) { die("Acces Denied");

Instead of die access denied it needs to redirect to index...

Code Download source

redirect("../index.php");

Next and the strangest one to me...

Google can enter my administration folder and get an aidlink somehow...

Code Download source

66.249.67.211 - - [02/May/2014:16:55:17 +0100] "GET /administration/index.php?aid=xxxxxxxxxxxxxxxx&pagenum=5 HTTP/1.1" 302 - "-" "Mediapartners-Google"

How does Google get an aidlink?
How does Google get passed Admin rights checks?

Also look at my robots.txt

http://www.phpfusionmods.co.uk/robots.txt

Is it correct or am I allowing google access to my admin? I'm kind of confused now. Aidlink, Google what?

Thanks

0 replies

Most likely it was attempting to go to a url you've been to previously. Chrome (and some other browsers) submits data to Google (if you allow it) and googlebot mediapartners will literally follow you around, whether it has access to the pages or not, it will attempt to access them.

You'll notice in your access log it shows a http access code of 302. That means the googlebot was directed away from that page to somewhere else. It never actually saw the page.

0 replies

Great so it's another Google Trackng Data concern I did not know about wonder how many others don't know that. Shameful Google.

Anyway how do I disable that, why should Google be aloud access to data like my aidlink. They are not the owners of the net. I hate companies that turn into Class 1 A holes. Google should not be tracking me in my admin area full stop. Just another privacy concern to add to there list of concerns. Great well done Google pfft. Google is bad. Google is liers and spies pfff Google PFF T . :@

Thanks for your reply SK. :G

BTW my robots.txt am I booting Google out my admn?
I don't want Google in my admin.

Thanks

Edited by Craig on 02-05-2014 23:49, 10 y

0 replies

I told you that it got the URL via Chrome, perhaps from Chrome cache. The Error management in the code is one thing, that may be improved or changed, but, as SKPacman says, it has no access to Admin, it just tries to use the aid link.

So:
[olist=1]It does not seem to be a security issue
Upon event, it could perhaps be handled better, if you want it to (blocked > what page to show)
it could be useful to revise the correct blocking code in robots.txt[/olist]

Edited by Homdax on 03-05-2014 09:03, 10 y

0 replies

Hi,

No, no. Do not make excuses for them it's Google man they are bad and Mozzila as well oh and MS. I mean not at one time during the 13 or 14 years I use the internet I never knew to tick that box anyway now I ticked the box and it should not track me now...

www.phpfusionmods.co.uk/images/tickdonttrack.png

If I find out it still tracks me then I will think again about my future use of the tinternet. Google, Mozzila, MS all lies and very bad. I think I will leave them browsers and not use them any more and they do not answer support either. I posted to Google and mozila but they do not help. Never mind them they are bad. Think I will close down my browser and I will ban them from my sites. :D

Regards

Edited by Craig on 03-05-2014 11:23, 10 y

0 replies

I remember a few years ago when trying Chrome I also found a Chrome based browser that was different by "stopping Google from tracking/spying you via the browser". So in Chrome there was no option you could uncheck and stop them doing that, it was deep within the code I suppose.
Because of that I never used Chrome as an everyday browser, only fooling around and testing how sites render...
To see even today that they practice this kind of stuff is concerning at least.

About the errors.php, die() instead of a redirect is rather and inconvenient as you have to click back in browser and doesn't pose a security risk.

0 replies

Hey JoiNNN,

Concerning it is indeed. ;)

Yes I changed the code in errors.php access check to redirect to the index.php...

Code Download source

if (!checkrights("ERRO") || !defined("iAUTH") || !isset($_GET['aid']) || $_GET['aid'] != iAUTH) { redirect("../index.php"); }

I also changed my robots.txt back to simplicity so all bots should not go in them folders like administration etc. Of course evil ones will still go there but that's what the Bot Trap is for, Bot Trap Agent will soon catch em and block em out.

Thanks all for your replies and help it is much more help than Google and mozzila gave me. Good work Guy's thanks.

Regards

0 replies

In regards to other browser you could try Cómodo Dragon. It's based on Chrome but claims to be locked down for tracking and such.

0 replies

Hi mate,

Nice Aye, I will look into this comodo dragon, I like dragons. Dragons can keep my secrets unlike them foxes and the scary men with BIG GOOGLY EYES!

EDIT: Oh based on Chrome, hmmm, I must think again about them dragons being trusted.

Regards

0 replies

Quote

now I ticked the box and it should not track me now

Tell yourself what you must to sleep at night and get through the day. Fact of the matter is, we are only a few years away from enjoying complete surveillance. My suggestion is, accept now that you have no privacy, and when you find that they have breached it, you wont spend time being angry.

OR you could live off the grid hermit style. However, the only programming available in that scenario comes in the form of gardening, wood working, and psychological rehabilitation.

Be on the side that helps to usher in the new age, and that advances us toward the singularity versus away. Connected versus Disconnected, these are your only two options.

Edited by PeaceLaced on 03-05-2014 12:23, 10 y

0 replies

Howdy,

Yeah ticking that box probably actually does the opposite of what it says.

Regards

0 replies

My friend, ticking that box lets them know which side you are on. At least with un-ticked you can claim ignorance. Although making a choice does carry some clout.

0 replies

Howdy,

Well that option says...

Quote

Tell Sites that I do not want to be tracked.

So it does the opposite of that yes?

So instead of not tracking me by ticking that box it will n fact track me? Again they are liers?

Regards

0 replies

Quote

BrandonBlack wrote:

Quote
now I ticked the box and it should not track me now

Tell yourself what you must to sleep at night and get through the day. Fact of the matter is, we are only a few years away from enjoying complete surveillance. My suggestion is, accept now that you have no privacy, and when you find that they have breached it, you wont spend time being angry.

OR you could live off the grid hermit style. However, the only programming available in that scenario comes in the form of gardening, wood working, and psychological rehabilitation.

Be on the side that helps to usher in the new age, and that advances us toward the singularity versus away. Connected versus Disconnected, these are your only two options.

This may spin further off topic than the original quote, but I just feel I must say in how many ways I think the above statement is wrong and unethical.

First off, personal integrity is something that must be valued and protected.
The EU data directive recently got mopped up by the EU court for not taking enough consideration to personal integrity.

Quote

"The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,

Secondly, if it becomes a matter of being connected and accepting all the survellance and data collection, well that point is just moot since we have legislation in place to protect us.

However, that being said, I fully agree with president Obama, when he says, and I quote:

Quote

And yet, in our rush to respond to a very real and novel set of threats, the risk of government overreach, the possibility that we lose some of our core liberties in pursuit of security also became more pronounced. We saw in the immediate aftermath of 9/11 our government engage in enhanced interrogation techniques that contradicted our values. As a senator, I was critical of several practices, such as warrantless wiretaps. And all too often new authorities were instituted without adequate public debate.

...

Quote

First, the same technological advances that allow U.S. intelligence agencies to pinpoint an al-Qaida (sale ?) in Yemen or an email between two terrorists in the Sahel also mean that many routine communications around the world are within our reach. And at a time when more and more of our lives are digital, that prospect is disquieting for all of us. Second, the combination of increased digital information and powerful supercomputers offers intelligence agencies the possibility of sifting through massive amounts of bulk data to identify patterns or pursue leads that may thwart impending threats. It’s a powerful tool. But the government collection and storage of such bulk data also creates a potential for abuse.

Third, the legal safeguards that restrict surveillance against U.S. persons without a warrant do not apply to foreign persons overseas. This is not unique to America; few, if any, spy agencies around the world constrain their activities beyond their own borders. And the whole point of intelligence is to obtain information that is not publicly available.

.
He rounds it up with:

Quote

That places a special obligation on us to ask tough questions about what we should do.

From the speech on NSA, january 27

Now, again I agree with President Obama. It is a thin line that must not be crossed, but admittedly, the line is there and anyone, in any system or any role, should be aware of it.

In a system such as PHP-fusion we should also be aware of it. There is an infusion by Hobbyman that protects Private Messages and even if I do not think any changes need to be done to PHPFusion as such, we should certainly not make a system that ignores the wish for personal integrity among our users.

Edited by Homdax on 03-05-2014 15:36, 10 y

0 replies

Hi,

I think V8 will use geo location I am sure that will be optional since some will not want their location identified. I am sure PHPFusion will make sure that is optional and always make sure users using the software be that admins, and visitors that their integrity and privacy will be priority. Only data PHPFusion should collect is your browser info, your O/S basic your IP and nothing more, all basic details that does not interfere or spy into people lives, aye ok and email to join in the first place but that is it.

Anyway PF is not the issue here it's them Big name search engines and the likes we need to concern ourselves about as long as Fusion seals every possible door to leaks we are fine. Not that there is anything to seal mind you but aye stealthy is the way. Hash it, salt it, pepper it, mix it again, add another var, stir it and go, go go.

Regards

0 replies

Category Forum

Announcements & Security Issues

Labels

None yet

Statistics

Views 0 views
Posts 14 posts
Votes 0 votes
Topic users 5 members

5 participants

Notifications

Track thread

You are not receiving notifications from this thread.

Access Rights, aidlinks What's Google Doing?

14 posts

PHPFusion

Resources

Community

Development