Search engines, being complex programs, are a frequent target of hackers looking to exploit a server. A common exploit is to get the search engine to perform an unintended task, such as running an arbitrary system command or getting the server to act as a proxy.
If you use the Blossom adaptive search engine or page highlighting, then you may have noticed a change that prevents a hacker from using the search engine as a proxy. Both adaptation and page highlighting wrap URLs in the search results list with a call to a redirection program. The redirection program retrieves the document at the URL and then does additional processing on the document.
When it was first introduced, the URL for the page to be retrieved was a clear parameter to the redirection program. That attracted hackers wishing to send traffic to websites that appeared to come from Blossom. We will leave it to your ingenuity to figure out ways that might be exploited, but we noticed thousands of redirects daily not coming from search results. Hackers had found an exploit.
To solve the problem we now encode the URL to be retrieved. You will see the encoding if you look at the link for the items in a search results list. It is not as informative as having the URL be readable, but it is a lot safer.
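The post does not say how Blossom encodes the URL, so the following is an added example, not Blossom's code. It contrasts the original design, where the redirector accepts any cleartext URL (so anyone can forge a link that makes traffic appear to come from the search service), with a hardened redirector that only follows URLs wrapped in an opaque token the search engine itself issued. The token here is an HMAC tag over the URL, base64-encoded, which is one way to make the parameter both unreadable and unforgeable; the secret key and the URLs are constructed for the example, and the retrieval step additionally refuses anything that is not an http or https URL.

```python
import base64
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlparse

# Constructed secret for this example only; a real deployment loads it from
# configuration and rotates it. Anyone holding it can mint valid tokens.
SECRET_KEY = b"example-secret-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def vulnerable_redirect_target(query_url: str) -> str:
    """The original design: whatever URL arrives in the query string is fetched.
    Nothing ties the request to a search results page, so the redirector is an
    open proxy for anyone who can type a link."""
    return query_url


def encode_target(url: str, key: bytes = SECRET_KEY) -> str:
    """Wrap a URL that the search engine placed in its results list in an opaque
    token: HMAC-SHA256 tag || URL bytes, URL-safe base64 without padding."""
    raw = url.encode("utf-8")
    tag = hmac.new(key, raw, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + raw).decode("ascii").rstrip("=")


def decode_target(token: str, key: bytes = SECRET_KEY) -> Optional[str]:
    """Recover the URL only if the token was minted with our key; otherwise None."""
    padded = token + "=" * (-len(token) % 4)  # restore stripped padding
    try:
        blob = base64.urlsafe_b64decode(padded)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(blob) < TAG_LEN:
        return None
    tag, raw = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, raw, hashlib.sha256).digest()
    # Constant-time comparison so tag checking does not leak timing information.
    if not hmac.compare_digest(tag, expected):
        return None
    return raw.decode("utf-8", errors="replace")


def is_fetchable(url: str) -> bool:
    """The retrieval step should only ever fetch web documents, never local
    files or other schemes, even if a token somehow wraps one."""
    parts = urlparse(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def resolve_redirect(token: str, key: bytes = SECRET_KEY) -> Optional[str]:
    """Hardened redirector entry point: returns the URL to retrieve, or None
    when the request should be rejected (and logged as a probe)."""
    url = decode_target(token, key)
    if url is None or not is_fetchable(url):
        return None
    return url


if __name__ == "__main__":
    link = "https://example.com/page?id=7"
    token = encode_target(link)
    print("results-list link carries:", token)
    print("redirector resolves to:", resolve_redirect(token))
    print("forged cleartext request resolves to:", resolve_redirect(link))
```

The unforgeable token is what turns "thousands of redirects daily not coming from search results" into a flat stream of rejections: a request whose token fails the check can be dropped and counted, which also gives a clean signal for spotting probing in the logs.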
By the way, keeping hackers off your server is one nice benefit of using a search service. Besides eliminating the traffic from hackers' probes, should a hacker find an exploit they would still be isolated from your server. It becomes a problem for us, but not for you.
Tuesday, December 29, 2015