YaCy-Bugtracker - YaCy
View Issue Details
0000544YaCyWishlist - Wunschlistepublic2015-02-14 16:012015-04-14 06:18
LA_FORGE 
 
normaltweakalways
newopen 
none 
YaCy 1.8 
 
0000544: For security reasons: Remote Crawling should be disabled at default
Some providers in germany (I'm sure in other countries, too) sending out alert emails originating from their abuse team when suspicious activities are occuring. These activities are mostly caused by trojans or other hijack-related activities. In the past I received two such emails from my provider. I did some research and and found out that the remote crawler from YaCy triggered the warning bell at my provider, because some "suspicious material" was loaded by my oeer.

To protect our community run into serious (law) trouble I recommend to disable the remote crawl feature by default and put a warning message at the yacy webinterface (eg. users should use a secure vpn in a foreign country to protect their privacy).
No tags attached.
Issue History
2015-02-14 16:01LA_FORGENew Issue
2015-04-04 21:17LA_FORGENote Added: 0001030
2015-04-14 06:18ScarfmonsterNote Added: 0001033

Notes
(0001030)
LA_FORGE   
2015-04-04 21:17   
Without an admin-account it's also possible to start a crawl via the 'Load Web Pages' or the 'Advanced Crawler' Page. Please disable the remote crawler and deny access to the two pages mentioned above. It's dangerous!
(0001033)
Scarfmonster   
2015-04-14 06:18   
Remote crawl requests are disabled by default. The two pages you mentioned are accessible without admin rights but you can't actually start a crawl using them.