Hacker News new | past | comments | ask | show | jobs | submit login
Why you can't search for phpBB on Bing (blamcast.net)
149 points by chaosmachine on Aug 1, 2011 | hide | past | web | favorite | 42 comments

> phpBB has a pretty bad security record

Not exactly true. phpBB2 has a bad security record. phpBB3 has been clean since day 1, IIRC.

I work with phpBB, and felt a little awkward stepping forth and saying this, so I'm glad somebody did.

phpBB3 has had a couple tiny problems, but nothing that could be used to attack users of a site or propagate an issue.

And still many people will refuse to use phpBB or have anything to do with it because of its checkered past.

I won't use phpbb or vbulletin or any of them because they feel cludgy. I don't want signatures. Two lines of text shouldn't occupy 500 pixels on my screen. And conversations among tons of people don't make sense when displayed at one hierarchy. Reddit and HN have spoiled me, any sort of unmoderated single-hierarchy forum is a chore anymore.

I'm out of the loop I suppose... what software would you use for, say, a support forum or something? I still use phpBB, and it works, but I agree it feels cludgy.

You might like Vanilla Forums better: http://vanillaforums.org/

I'd use the reddit/HN codebase, or a reddit/HN clone.

Not exactly, there was one issue on 3.0.7, which made the 3.0.7-pl1 to be release quite soon.

But, I have to say that we are very pleased about phpBB3 security...

Ah, yes, that. I didn't remember it, since it was solved in a few hours and it was not a horrible security hole, just a problem with permissions in feeds: www.phpbb.com/community/viewtopic.php?t=2014195

For me, bing only produces errors if you don't have any bing cookies initialized.

A presumption that bots wouldn't store+return cookies?

I tried

1. visit www.bing.com first

2. search for few random words

3. search those URLs OP mentioned

4. They all works now.

Looks like a bug how Bing handles cookies.

If it's an automated system inducing the error state, it suggests that you could poison Bing by creating a similar error for popular keywords.

I started using Bing recently and I noticed that I was getting error pages intermittently, and then pretty frequently.

phpbb and topic view are returning error pages for me (on latest ff, cookies enabled).

Another way I'm reliably getting an error page is adding parameter &first=201, e.g. http://www.bing.com/search?q=stuff&first=201

This is the paging parameter, indicating you're at the 20th screen of results.

Can't say I've ever been to Bing on this computer, but clicking on the links gives me the error.

However, after visiting Bing.com and then clicking on the links, they work.

Works fine for me on the mobile site. Also the api returns results http://www.unscatter.com/search/?q=Phpbb+%2Fbing

Problem still occurs for me when clicking his links - no bing cookies here as I don't use it.

All the examples mentioned worked fine for me (on FF5, Chrome + IE9 on Windows 7). Weird...

None of them work for me on Windows 7 / Chrome. My computer is being sent to or .120 when I ping www.bing.com (pinging bing.com goes to, which times out), in case that's useful to anyone - since this is only happening to some people, it could be an issue which isn't present on all of Bing's servers.

Got it to break; someone else here mentioned that when they cleared all bing.com cookies it generated the error - I got the same when I did that...

Try to open them in an incognito window on chrome. That way the error shows up for me.

They didn't fix sh*t. It's still doing the same thing for me.

Every single one of his search examples "that breaks Bing" works for me just fine.

Either Bing fixed this the same hour his blog post was made, or he just ran into a temporary snag.

And his Google search of the error code on Bing is just that, a snapshot of a temporary error that has no correlation to any particular keyword in the url.

Bing seems to do refer[r]er and/or cookie checking. If I enter the search on www.bing.com or have a cookie from bing, a search for phpbb produces results, if I clear all all bing cookies and enter http://www.bing.com/search?q=phpbb in the location bar, I get the error.

an unsophisticated fix for an unsophisticated exploit

if the exploit supported cookies and could mimic IE it would bypass this form of blocking

That link works for me (or rather, dies and gives an error). By way of giving multiple data points.


Clean history - Bing spits an error, visit bing.com, then search - everything's fine.

Same for me.

browsing in an incognito window should reproduce the error.

it does

I'd be interested in which browser you're using, and if you could check with a different one. I mention in the article that some browsers seem to be redirected before the bot filter kicks in (IE9, for example, but not IE8).

You can see the results of the bug on about 50 browsers here:


Keeping these query things aside, Bing is not even loading in Opera mini 6 !

I get the crash in safari on osx but not firefox or chrome

It seems to be related to whether or not you have a bing cookie in your browser or not. I can turn on private browsing have them fail, then use a session with a bing cookie and have them succeed.

Works fine in Opera!

They all consistently fail for me, Firefox 5 on Linux.

Ditto; same with Chrome, wget and curl.

The "what topics do they discuss on the view?" search initially failed for me. So I went directly to Bing and typed it in manually and it worked from there on out, even going back and clicking the link in the article.

No dice for me with Chrome on a Mac.

For me just now:

Ref A: 1868CAC6D8EA4D63B186C4E1C09E8822 Ref B: 22A00154B361421B403038C5A5D4A80F Ref C: Mon Aug 01 17:20:45 2011 PST

Edit: this is under Chrome incognito mode as others have mentioned

Same for me (different numbers, though). I'm not surprised, though—I'm on an EC2 VPN, which some internet services are somewhat biased against (notably Stack Overflow).

Either that – or Bing itself is getting blocked from spidering Google on these queries ;)

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact