Someone found my url

92 views
Skip to first unread message

Bert Berfel

unread,
Apr 2, 2014, 10:31:34 AM4/2/14
to antholog...@googlegroups.com
I was trying out anthologize on a site of mine that is connected to the internet but not publicized.  I accessed this site from my workstation that is on the same lan segment, so any of the testing I did yesterday did not go over the public internet.  I was very surprised this morning to find this in the logs:

my.private.site:80 64.124.203.76 - - [01/Apr/2014:22:22:31 -0400] "GET /wp-admin/admin.php?page=anthologize_export_panel&project_id=406&noheader=true HTTP/1.1" 302 697 "http://temp.com" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; FunWebProducts; PicMorphSearchToolbar 1.2; GTB7.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; BRI/1; BRI/2; msn OptimizedIE8;ENUS)"

How did someone not only find my unpublished site, but also know I had anthologize and a project with id 406?  I realize that there are many ways that my systems can be snooped upon, but I am wondering if anthologize does any tracking of who is using the plugin?  Can anyone comment?

Rick Boatright

unread,
Apr 7, 2014, 11:23:35 PM4/7/14
to antholog...@googlegroups.com
Well, I'm no security expert, but I note that the log says that whatever it was running IE7 on Vista Media Center edition  with two "marginal" toolbars installed, one just plain old spyware, the other infamous adware.  You haven't, by any chance gotten a copy of MySearch or MyWeb by accident on your machine which might be "leaking" your browser history...?  

So much software these days, even from reputable companies comes with stuff like MySearch attached that even sophisticated users in my office manage to accidentially install something about once a month. 

anyway, that's my guess, that there is a leak from your browser history. 

Bert Berfel

unread,
Apr 23, 2014, 5:02:34 PM4/23/14
to antholog...@googlegroups.com
I noticed that also, but the log entry was from the remote site that connected to me, so they have the browser running the spyware.  My machine is clean and does not have those toolbars installed (I think).  I'm still mystified as to how that url leaked out.  It seems like only the anthologize_export_panel related url was hit on, and just after I installed and ran it.  Coincidence?
Reply all
Reply to author
Forward
0 new messages