infoseek bug

From: til...@berlin.snafu.de (Tilman Hausherr)
Subject: infoseek bug
Date: 1998/11/22
Message-ID: <3659fa58.77632127@news.snafu.de>#1/1
X-Deja-AN: 414462269
Content-Transfer-Encoding: 7bit
Organization: Xenu's Ranch
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0
Newsgroups: comp.infosystems.search

Infoseek has a nasty bug that can make abuse possible. I have already
written to the feedback but they don't "get" the problem.

If an existing site listen by infoseek is "replaced" by a redirection,
infoseek doesn't delete the no-longer-existing site. Instead, it handles
the redirection and processes the result only. Correct would be to
delete the redirection.

This makes abuse possible, since one could make all sort of different
pages for submission, submit them, and replace them with a "hard"
redirection (not through META tag but through HTTP) to all the same
page.

The best I could get from the infoseek feedback was that they deleted
one site (1600 links) that had replaced itself with a redirection script
(no abuse was intended by them). But the infoseek feedback doesn't seem
to have understood that it is a bug.

Tilman

From: y...@cse.buffalo.edu (Yanhong Li)
Subject: Re: infoseek bug
Date: 1998/11/25
Message-ID: <73hk4o$7g7$1@prometheus.acsu.buffalo.edu>#1/1
X-Deja-AN: 415666115
References: <3659fa58.77632127@news.snafu.de>
Organization: University at Buffalo CSE Department
NNTP-Posting-User: yli
Newsgroups: comp.infosystems.search

In article <3659fa58...@news.snafu.de>,
Tilman Hausherr <til...@berlin.snafu.de> wrote:
>Infoseek has a nasty bug that can make abuse possible. I have already
>written to the feedback but they don't "get" the problem.
>
>If an existing site listen by infoseek is "replaced" by a redirection,
>infoseek doesn't delete the no-longer-existing site. Instead, it handles
>the redirection and processes the result only. Correct would be to
>delete the redirection.
>
>This makes abuse possible, since one could make all sort of different
>pages for submission, submit them, and replace them with a "hard"
>redirection (not through META tag but through HTTP) to all the same
>page.
>
>The best I could get from the infoseek feedback was that they deleted
>one site (1600 links) that had replaced itself with a redirection script
>(no abuse was intended by them). But the infoseek feedback doesn't seem
>to have understood that it is a bug.
>
>Tilman
>
>

As an infoseek search engineer, I would like to offer my personal
opinion on this. The reason we donot delete all the redirections is
that many root level web pages, eg. www.something.com are redirects,
we donot want to delete them.

To solve the abuse issue you mentioned, we are using many other
methods to try to stop spam. If you or anybody else can report
offending pages, customer support will surely take care of them.