-- Search Engine Spider and User Agent Identification
---- Secure Sites From Botnet Vulnerability Probes
botslist - 1:15 pm on May 14, 2007 (gmt 0)
Shared hosting farms would just be wise to plug the hole and deal with the fallout of any broken scripts after the fact.
That's pretty good advice except when the fallout is such that the broken scripts open up more security holes that webhosts didn't even know existed before they tried to plug the hole. Blocking query strings indiscriminately can have unintended security repercussions because it is exploitable in theory, so some caution should be advocated.
Do you really think people are just going to toss Joomla, WordPress or Photo Cart, all of which have been vulnerable to this particular threat?
No, I'm pretty sure people won't do that. Which is why I said they should toss the script only "if they can".
You may be on the list to be hacked at this very minute and not know it!
I really and truly and honestly don't think so :)
FWIW and from my POV, I don't see any disagreement between us on this topic: you are telling webmasters how to hit the nail on the head to solve the problem, and I'm telling them how to avoid hitting their fingers too in the process. Surely we can conclude this topic on that friendly agreement, can't we?