1
spiff
Google Web Accelerator: is it an issue with Xoops?
  • 2005/5/7 15:29


Hello all,

There's been a certain buzz lately about GWA accessing all pages for prefetch, and peeking into links it shouldn't link to. The threat may be overstated, but it doesn't hurt being vigilant.

So, could GWA mess up a XOOPS site?

GWA basically works like a spider, prefetching all links present on a page. If a XOOPS administrator is logged in with GWA turned on, Google will try to prefetch all links (including "delete account" buttons, etc.).

Is 2.0.10 immune to this kind of spidering?

As an aside, will GIJoe's Protector module automatically shun those IPs (range 72.14.192.0-255) to deny GWA "autoclicks" or should we enter the range in the Protect center?

Thanks,
Eric

References:
SlashDot
How to show GWA the door in Rails
GWA: Not so fast

2
ackbarr
Re: Google Web Accelerator: is it an issue with Xoops?

Best answer I can give: some parts of XOOPS could be affected by this. I haven't looked through the entire core, but basically any GET request that changes application state (updating an object, removing an object) is at risk. From an application development standpoint, this is usually a bad idea anyway, but I know that several modules allow this.

A quick hack to disable prefetching on your XOOPS site might be to add this to your mainfile.php:
if (isset($_SERVER["HTTP_X_MOZ"]) && $_SERVER["HTTP_X_MOZ"] == "prefetch") {
    // Refuse prefetch requests and stop before any module code runs
    header("HTTP/1.0 403 Forbidden");
    exit;
}
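
The rule from the reply above (GET requests must not change state), combined with its X-moz check, as an added example that is not part of the original post or of XOOPS. The `op` values, `MUTATING_OPS` and `decide()` are hypothetical names, and the sample requests are constructed.

```php
<?php
// Added example: MUTATING_OPS, decide() and the "op" values are hypothetical.

// Operations that change application state; everything else is read-only.
const MUTATING_OPS = ['delete', 'update', 'approve'];

/**
 * Decide how to treat a request before any module code runs.
 * $server mirrors $_SERVER, $params mirrors $_REQUEST.
 */
function decide(array $server, array $params): string
{
    // Prefetchers that announce themselves with "X-moz: prefetch" are refused.
    $xmoz = $server['HTTP_X_MOZ'] ?? '';
    if (is_string($xmoz) && strcasecmp($xmoz, 'prefetch') === 0) {
        return '403 refuse prefetch';
    }

    $op = $params['op'] ?? 'view';
    $method = strtoupper($server['REQUEST_METHOD'] ?? 'GET');

    if (in_array($op, MUTATING_OPS, true)) {
        // A followed or prefetched link is always a GET, so a GET may only
        // render the confirmation form; the change itself requires a POST.
        return $method === 'POST' ? 'execute ' . $op : 'show confirmation form';
    }
    return 'render page';
}

// Constructed sample requests (not captured traffic).
$cases = [
    'announced prefetch of delete link' =>
        [['REQUEST_METHOD' => 'GET', 'HTTP_X_MOZ' => 'prefetch'], ['op' => 'delete', 'id' => '3']],
    'unannounced GET of delete link' =>
        [['REQUEST_METHOD' => 'GET'], ['op' => 'delete', 'id' => '3']],
    'confirmation form submitted' =>
        [['REQUEST_METHOD' => 'POST'], ['op' => 'delete', 'id' => '3']],
    'ordinary page view' =>
        [['REQUEST_METHOD' => 'GET'], ['op' => 'view', 'id' => '3']],
];

foreach ($cases as $label => [$server, $params]) {
    printf("%-36s -> %s\n", $label, decide($server, $params));
}
```

The second case is the one the header check alone does not cover: a client that fetches the link without sending X-moz still only reaches the confirmation form.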

3
ackbarr
Re: Google Web Accelerator: is it an issue with Xoops?

I think that if you have Protector's flood protection settings enabled then it is possible for those IPs to be blocked automatically. This is the same problem with any proxy or NAT based network though.

4
spiff
Re: Google Web Accelerator: is it an issue with Xoops?
  • 2005/5/7 21:18


Thank you Ackbarr, the hack is definitely worth considering. I've contacted GIJoe for some extra info.

5
nobunobu
Re: Google Web Accelerator: is it an issue with Xoops?
  • 2005/5/8 3:20


Quote:

"GWA accesses all pages for prefetch.."

Is it true?
I understood that GWA accesses, for prefetch, only pages that have the following style of link:
<link rel="prefetch" href="http://url/to/get/">

Please refer to [What Webmasters Need To Know About Google Web Accelerator].

If GWA accesses all pages for prefetch, it is very bad for web applications that allow deleting content directly with a GET operation.

6
spiff
Re: Google Web Accelerator: is it an issue with Xoops?
  • 2005/5/8 15:43


Not quite.

Google has an algorithm that tries to "sense" what you may be likely to click on, and prefetches that:

Quote:
Prefetching material [is] in part, determined by an algorithm developed at Google that looks at mouse movements and aggregates traffic to sites to try to determine what to prefetch

(Source: Search Engine Watch)

Quote:
I'm watching my local proxy's logs and I'm seeing a request every time I mouse over a link.

(Source: SlashDot)

LINK REL="PREFETCH" tags are automatically prefetched, as mentioned on GWA's Webmaster FAQ page, but GWA does more than just prefetching these tags.
