Skip to main content
This is either awesome, or worrisome... Started by DeadMan · · Read 7326 times 0 Members and 1 Guest are viewing this topic. previous topic - next topic

This is either awesome, or worrisome...

QuoteOnline Now: 450 Guests, 2 Users (0 Buddies)

This is not something I usually see here.
Hoping it's nothing to worry about.
Tagging @Spuds on it, though.

Re: This is either awesome, or worrisome...

Reply #1

Down to 389 "wabbits" now... :grin:

ef.gif
Last Edit: December 31, 2022, 06:51:12 pm by Steeley

// Deep inside every dilemma lies a solution that involves explosives //

Re: This is either awesome, or worrisome...

Reply #2

Was down to 377, now back to 392..  they're multiplying like .... wabbits.. :thinking:

// Deep inside every dilemma lies a solution that involves explosives //

Re: This is either awesome, or worrisome...

Reply #3

Since I'm unable to see their IP's, I can't really do more to find out what they are.
Seems a lot look at "restoretopic;msgs="
Those must be spiders, or something.

Re: This is either awesome, or worrisome...

Reply #4

Just bots slurping, or trying to. 

This site show 408 right now.  Not sure what restoretopic is ATM but I'll look.  The majority are
Code: [Select]
SP	Huawei International Pte. Ltd.
Usage Type Search Engine Spider
Hostname(s) petalbot-114-119-xxx-xxx.petalsearch.com
Domain Name huawei.com

So you could block those server level or perhaps robot.txt if they respect.


 

Re: This is either awesome, or worrisome...

Reply #5

Thanks to @Burke_Knight we found us a:bug:

In the guest topic view, the restore topic link was exposed (on each message) so the bots were sucking that up and trying to follow.  Of course the link did not work, but it should not have appeared either.

Now why is another old saga but originates in PHP's loose type casting where (int) 0 = (bool) false unless you do strict comparison.  In 1.1 and even more in 2.0 we have been more strict to avoid any loop holes which could be exploited. 

In 2.0 those display template buttons were redone so they were created in the source code (lots of permission checks and other conditionals) not in the templates.  Any invalid buttons are dropped and the rest shown by the template.  Invalid buttons were ones that had a false permission (strictly speaking)

The error, which must go back to 1.0 and before, was along the lines of (pseudo)
Code: [Select]
$a = false;
$a &= other condition && condition;
if ($a === false) drop it
Now don't let that &= fool you into thinking that is a logical operator, its a bitwise operator so the result will be an int 0 or int 1 not a boolean.  It takes booleans (in this case) and returns and int.  Prior to being strict this was OK, but the updated function did not consider 0 = false.  Interestingly doing $a = $a && bla; is faster than $a &= bla at least for cases where $a is already false on entry, plus why mangle the boolean (in this instance)

Fixed on the site so the bots don't see a bogus link.


Re: This is either awesome, or worrisome...

Reply #7

Quote from: Spuds –
-=snip=-

Now don't let that &= fool you into thinking that is a logical operator,

-=snip=-


Well that hung ME up..  yea, overlooked that completely.. :rolling_eyes:

(Is there a sarcasm font?)
 :cheesy:  :cheesy:

Quote from: Spuds –
Fixed on the site so the bots don't see a bogus link.

Maybe shoulda left it for awhile and give the search engine coders something to work on in the new year so when they "let the dogs out" the bots don't "tree the bug", obsess on it barking all night, and move on to other sites instead.  :tongue:

// Deep inside every dilemma lies a solution that involves explosives //

Re: This is either awesome, or worrisome...

Reply #8

:upside_down:  <- I should add an acronym for that, but that is what is considered sarcasm, I prefer :tongue: (get yer mind out of the gutter !)

Re: This is either awesome, or worrisome...

Reply #9

No way ... My mind is perfectly happy in the gutter..  :kiss:

// Deep inside every dilemma lies a solution that involves explosives //