There were two factors that, together, made this happen. First, the admin login form was implemented in JS, and if you tried to log in with JS disabled, it wouldn't verify your credentials at all; it also submitted via a GET request. Second, once you were in the admin interface, you could delete content from the site by clicking an X in the CMS, which, as was the pattern, presented you with a JS alert() prompt before deleting the content... via a GET request.
Looking at the server logs around the time it got "hacked", you could see GoogleBot happily following all the delete links in the admin interface.
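A minimal sketch of the dangerous pattern described above, with illustrative names (this is not the real CMS code): the "delete" action is reachable by a plain GET link, so any crawler that follows links will trigger it.

```python
# Hypothetical sketch: the bug is that a destructive action fires on GET.
# A crawler that merely follows links will "click" every delete link.

def handle_request(method, path, params, db):
    """Dispatch a request; note that deletion happens regardless of method."""
    if path == "/admin/delete":
        # BAD: a crawler issuing GET /admin/delete?id=42 destroys content.
        db.pop(params["id"], None)
        return "deleted"
    return db.get(path, "not found")

db = {"42": "an article"}
handle_request("GET", "/admin/delete", {"id": "42"}, db)  # the crawler's "click"
print(db)  # the article is gone: {}
```

The JS confirmation prompt is no protection at all here, since a spider never runs the JS; the link itself is the whole attack surface.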
I did that too. I was aware of the problem, but at the time (1996) I did not know how to fix it.
So I just documented it and warned that they should keep the site away from AltaVista.
This was back before cookies had wide support, so login state was carried in the URL. If a search spider ever learned that URL, it would have deleted the entire site just by crawling it.
I did eventually fix it by switching to forms, and strengthening the URL token to expire if unused for a while. And then eventually switching to cookies (at one point it supported both url tokens and cookies).
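The URL-token scheme with idle expiry described above might look something like this sketch; the names and the 30-minute window are assumptions for illustration, not the original code.

```python
# Rough sketch of a URL-carried session token with sliding expiry:
# a random secret in the query string that dies if unused for a while.
import secrets
import time

SESSIONS = {}           # token -> timestamp of last use
IDLE_LIMIT = 30 * 60    # assumed: expire after 30 minutes of inactivity

def login():
    token = secrets.token_urlsafe(16)
    SESSIONS[token] = time.time()
    return token        # appended to every admin URL, e.g. ?tok=...

def check(token):
    last = SESSIONS.get(token)
    if last is None or time.time() - last > IDLE_LIMIT:
        SESSIONS.pop(token, None)   # stale or unknown: reject and discard
        return False
    SESSIONS[token] = time.time()   # sliding expiry: refresh on each use
    return True

tok = login()
assert check(tok)
SESSIONS[tok] -= IDLE_LIMIT + 1     # simulate a long idle period
assert not check(tok)
```

The expiry limits the damage window if the URL leaks, but it doesn't fix the underlying problem that a leaked URL is a leaked credential, which is why cookies ultimately won.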
I have not thought about those days in such a long time.
The POST-vs-GET convention that everyone knows today (GET for read-only requests, POST for writes) was not that well known back then.
Back then you used GET for things with a small number of variables, and POST when you expected more data than would fit in a URL. It was all about the length of the URL, not the effect of the request.
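The modern convention (now codified in the HTTP spec as "safe" methods) can be sketched like this; the function names are illustrative assumptions:

```python
# Sketch of the modern rule: GET and HEAD must have no side effects,
# so state-changing actions are only accepted on POST (or DELETE, etc.).

SAFE_METHODS = {"GET", "HEAD"}

def handle(method, action, db, item_id=None):
    if action == "delete":
        if method in SAFE_METHODS:
            return 405  # Method Not Allowed: refuse side effects on GET
        db.pop(item_id, None)
        return 200
    return 200

db = {"42": "an article"}
assert handle("GET", "delete", db, "42") == 405   # a crawler is harmless now
assert "42" in db
assert handle("POST", "delete", db, "42") == 200  # explicit form submission
assert "42" not in db
```

Under this rule a spider can follow every link on the site and change nothing, because link-following only ever issues GETs.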
I guess there was no Wikipedia article on HTTP back then. Wikipedia has been an invaluable resource for me in understanding some of the intricacies of my work.
htaccess didn't exist in 1996.
This site ran on IIS 1.0 on Windows NT 3.51. For scripting we used a prerelease ColdFusion version (i.e. the version before 1.0, which was released as we were developing the site, partially based on feedback we provided as we tested it).
> How did you prevent any visitor from deleting the site?
A secret security token in the URL. The worry was that some admin would try to submit the site to AltaVista for indexing without removing the token from the URL first.
Obviously not for IIS, but .htaccess files go back at least as far as NCSA httpd, and so definitely existed before 1996.
There's your first problem.
Unsecured access and 'GET' based deletes were everywhere.
Also, as you note, destructive changes should be authenticated, whether by Basic Auth over TLS or the more common cookie tokens.
Hackers don't need a reason, other than it being clever, novel, fun, etc. But if you want a reason there are plenty:
* art: there are numerous interpretations of this
* fun: this is sort of the digital equivalent of a "useless box" http://www.thinkgeek.com/product/ef0b/
* science: experiment to see how widespread a URL can be shared without Google becoming aware of it
* security: embed unique tokens in your content to detect if it has leaked to the public
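The "security" idea in the list above can be sketched with a canary token; the token format here is an assumption for illustration.

```python
# Sketch of leak detection via canary tokens: embed a unique random
# marker in each copy of the content, then search for that marker later
# (e.g. in a search engine) to learn whether the content went public.
import secrets

def make_canary():
    return "canary-" + secrets.token_hex(8)

def embed(content, token):
    # Hide the marker in an HTML comment so readers never see it.
    return content + f"\n<!-- {token} -->"

token = make_canary()
page = embed("<p>private content</p>", token)
assert token in page  # searching the web for `token` later reveals a leak
```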
Why would you do such a thing? My full explanation was in the content of the site. (edit: ...which is now gone)
I'm curious as to what the website said originally.
What OP has done is "a website that irrevocably deletes itself once Google decides to publicly reveal the fact that it indexed said website".
OP's approach has no way of knowing when the site was indexed. It's conceivable that Google indexed it on the very first day and decided not to share it publicly until 21 days later.
In practice, since 2010 these two events have generally been separated by minutes.
> the NOARCHIVE meta tag is specified which prevents the Googles from caching their own copy of the content.
Yeah, 'noarchive' can be specified via the meta tag or via a response header. Also available to you are a handful of other directives such as noindex, nofollow, noarchive, nosnippet, notranslate, etc.
See these links for more in-depth info about the directives & which search engines support what:
Directives & Usage in Meta tags - http://noarchive.net/meta/
Usage in Response Headers - http://noarchive.net/xrobots/
Sounds like an awesome weekend project.
Postmodernism is a lot more relevant to the digital age than anything, imo. It emphasizes pointing out ways of thinking and doing, which I think is especially relevant when we are actually automating most of our ways of thinking and doing.
I know it gets a bad rap because of the ridiculous examples, but the real point of it is to draw the viewer into serious contemplation of the massive infrastructure that exists and how it shapes our culture, thoughts, understanding, and action.
We have the expectation that the generations to come will accept this infrastructure and what it says about how the human mind functions. But much of it is founded on belief systems of how thought and action operate in the real world. Most of these systems are baseless, the idea of a base obfuscated only by the sheer complexity involved in understanding each layer.
It's interesting while it's being built, but it's also interesting to look back and reflect on the bigger picture, outside of the buzzwords and technical terminology used to pull the creation through, and make it actualized.
I look forward to when critics and theorists start thinking about the goal of the internet from a social perspective, as a collective cultural subconscious directive. I look forward to the kinds of art-historical methodology used to explain the significance of Picasso or Manet in their respective periods being applied to the relation between the internet and everything that is not the internet.
It's interesting when some information gets washed away and other information is retained through time, and it isn't always the stuff that is indexed that is retained. The idea that art critics can even agree to call the same collection of works "cubism" or "impressionism" fascinates me, and I look forward to the same kinds of invented vocabularies being used to describe various processes, movements, and patterns throughout internet culture (way beyond studying memes and tropes - there are so many layers to the collective psyche of the internet, it is dumbfounding).
I don't know what geocities represents. I'd have to define its 'kind' and compare and contrast it with other 'kinds' throughout time. I know this was meant to be a humorous comment, but I love to weave theories, and some of them even turn out to be descriptive of the nature of things.
If that ain't baroque I don't know what is.
But should anyone disagree with you, now they have to do the heavy lifting for YOUR side. That undermines their willingness to even converse with you, and if someone retorts with similarly laconic wit, you can see the conversation break down really fast, because nobody is willing to put in the extra effort to flesh out someone else's opinion when there's no reciprocity or show of effort.
EDIT: What's with the downvote hate? Somebody actually posted a valid key...
So, has anyone really understood why he did this?
Edit: and now https://archive.today/3QpC9
- deleted after 100 visitors
- deleted if visited with IE 6.0 for the first time
- deleted if referrer is Facebook
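A toy sketch combining the three variants above (the thresholds and string matches are illustrative assumptions):

```python
# Toy self-destruct trigger: fire after 100 visitors, on the first
# IE 6.0 visit, or when the referrer is Facebook.

def should_delete(state, user_agent="", referrer=""):
    state["visits"] += 1
    if state["visits"] > 100:
        return True                        # variant 1: visitor limit
    if "MSIE 6.0" in user_agent:
        return True                        # variant 2: first IE 6 visit
    if "facebook.com" in (referrer or ""):
        return True                        # variant 3: Facebook referrer
    return False

state = {"visits": 0}
assert not should_delete(state, user_agent="Mozilla/5.0")
assert should_delete(state, user_agent="Mozilla/4.0 (compatible; MSIE 6.0)")
assert should_delete(state, referrer="https://www.facebook.com/")
```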
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />
Cache-Control: no-cache, no-store, must-revalidate
1. Sending the NOINDEX meta tag
2. Combining meta tags
3. Monitoring for a referrer URL that matches a Google search page, to catch the first non-sneaky user coming from the index.
4. Monitoring other search engines and their behaviors.
b) robots.txt would get the same result, plus no cached content at Google; unlike "deleting itself", where the cached content remains at Google.
Now I am an artist, yay :-)