[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#379892: default config crawls the htdig.org website

Package: htdig
Version: 1:3.2.0b6-1
Severity: important


Hi,

in /etc/htdig/htdig.conf one reads:

start_url:              http://www.htdig.org/

If the Debian admin does not change this, each day the htdig.org website
will be crawled.  Multiplied by the number of Debian installation left
in this default state, this could cause a DDoS for the htdig.org
website.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (100, 'unstable'), (99, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-686
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)

Versions of packages htdig depends on:
ii  debconf [debconf-2.0]   1.5.2            Debian configuration management sy
ii  libc6                   2.3.999.2-8      GNU C Library: Shared libraries
ii  libgcc1                 1:4.2-20060709-1 GCC support library
ii  libstdc++6              4.2-20060709-1   The GNU Standard C++ Library v3
ii  lockfile-progs          0.1.10           Programs for locking and unlocking
ii  perl                    5.8.8-6          Larry Wall's Practical Extraction 
ii  zlib1g                  1:1.2.3-13       compression library - runtime

htdig recommends no packages.

-- debconf information:
* htdig/announce_package_split:
* htdig/run-htnotify: false
* htdig/run-rundig: true
* htdig/generate-databases: false
* htdig/keep-databases:
  htdig/dblocation-changed:
Reply to: