View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000544YaCyWishlist - Wunschlistepublic2015-02-14 16:012015-04-14 06:18
Assigned To 
PlatformOSOS Version
Product VersionYaCy 1.8 
Target VersionFixed in Version 
Summary0000544: For security reasons: Remote Crawling should be disabled at default
DescriptionSome providers in germany (I'm sure in other countries, too) sending out alert emails originating from their abuse team when suspicious activities are occuring. These activities are mostly caused by trojans or other hijack-related activities. In the past I received two such emails from my provider. I did some research and and found out that the remote crawler from YaCy triggered the warning bell at my provider, because some "suspicious material" was loaded by my oeer.

To protect our community run into serious (law) trouble I recommend to disable the remote crawl feature by default and put a warning message at the yacy webinterface (eg. users should use a secure vpn in a foreign country to protect their privacy).
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
LA_FORGE (reporter)
2015-04-04 21:17

Without an admin-account it's also possible to start a crawl via the 'Load Web Pages' or the 'Advanced Crawler' Page. Please disable the remote crawler and deny access to the two pages mentioned above. It's dangerous!
Scarfmonster (reporter)
2015-04-14 06:18

Remote crawl requests are disabled by default. The two pages you mentioned are accessible without admin rights but you can't actually start a crawl using them.

- Issue History
Date Modified Username Field Change
2015-02-14 16:01 LA_FORGE New Issue
2015-04-04 21:17 LA_FORGE Note Added: 0001030
2015-04-14 06:18 Scarfmonster Note Added: 0001033

Copyright © 2000 - 2021 MantisBT Team
Powered by Mantis Bugtracker