Bug#379892: default config crawls the htdig.org website
Package: htdig
Version: 1:3.2.0b6-1
Severity: important
Hi,
in /etc/htdig/htdig.conf one reads:
start_url: http://www.htdig.org/
If the Debian admin does not change this, each day the htdig.org website
will be crawled. Multiplied by the number of Debian installation left
in this default state, this could cause a DDoS for the htdig.org
website.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (100, 'unstable'), (99, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-686
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)
Versions of packages htdig depends on:
ii debconf [debconf-2.0] 1.5.2 Debian configuration management sy
ii libc6 2.3.999.2-8 GNU C Library: Shared libraries
ii libgcc1 1:4.2-20060709-1 GCC support library
ii libstdc++6 4.2-20060709-1 The GNU Standard C++ Library v3
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii perl 5.8.8-6 Larry Wall's Practical Extraction
ii zlib1g 1:1.2.3-13 compression library - runtime
htdig recommends no packages.
-- debconf information:
* htdig/announce_package_split:
* htdig/run-htnotify: false
* htdig/run-rundig: true
* htdig/generate-databases: false
* htdig/keep-databases:
htdig/dblocation-changed:
Reply to: