I thought I broke my website. But maybe Google did.

On Monday, I installed Elgg .8 over at OldeSchoolSpace. It was a bold thing to do, as the code had just been released. But it worked great. I was really pleased with the way in which the new version handled files — it’s a better interface and we’re about to start uploading lots of digital stories. I tested out the file uploads, created some blog posts in our class community, and added some files. My podcast feeds were working great and all was right with the world.

Then, this morning, I went to the site to show my cooperating teachers how the file uploads work — and the entire class community was gone.

Completely. Absolutely. Gone.

So were three of the four other communities. I was floored, and certain that I mis-installed the software. I’m not so sure that I did.

The wonderful tech support folks at BlueHost helped me pore through the databases, looking for data. It wasn’t there — it looked like it was manually deleted.

Turns out it was.

I went through the raw access logs, looking for anything funky. These lines are some of what I found:

66.249.72.52 - - [24/Apr/2007:20:32:47 -0600] "GET /speech/community/delete HTTP/1.1" 200 471 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.72.52 - - [24/Apr/2007:20:34:15 -0600] "GET /leadership/community/delete HTTP/1.1" 200 471 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.72.52 - - [24/Apr/2007:21:09:01 -0600] "GET /digistories/community/delete HTTP/1.1" 200 471 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

I am only learning to speak the language — but it looks to me like Google found and executed the delete command for these communities.

Why’d that happen, and how can I keep it from happening again? My error? A flaw in the code? A malicious attack masquerading as a Google bot?

I’ve restored the old data and we’ve lost a few days of work — nothing too serious. We have backups of the student work. But before I reinstall the .8 code, I’m curious about what happened and would appreciate any response you can send my way.

3 thoughts on “I thought I broke my website. But maybe Google did.”

  1. That is unquestionably bad coding. The HTTP spec says GET should be safe: “In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval.” Deleting is an action other than retrieval.
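
An added example, not part of the original post or the comment above: a short Python scan of combined-format access log lines for GET or HEAD requests that reached an action-style URL and returned a 2xx status, which is the pattern in the log excerpt. The action-word list, the function name and the last three sample lines are assumptions constructed for illustration.

```python
import re

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
# Assumption: whole path or query tokens that suggest a state-changing action.
ACTION_RE = re.compile(r'(?:^|[/?&=])(delete|remove|destroy|drop)(?:$|[/?&=])', re.I)
SAFE_METHODS = {"GET", "HEAD"}  # methods that should only retrieve

GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = [
    # First three lines are the ones quoted in the post.
    f'66.249.72.52 - - [24/Apr/2007:20:32:47 -0600] "GET /speech/community/delete HTTP/1.1" 200 471 "-" "{GOOGLEBOT}"',
    f'66.249.72.52 - - [24/Apr/2007:20:34:15 -0600] "GET /leadership/community/delete HTTP/1.1" 200 471 "-" "{GOOGLEBOT}"',
    f'66.249.72.52 - - [24/Apr/2007:21:09:01 -0600] "GET /digistories/community/delete HTTP/1.1" 200 471 "-" "{GOOGLEBOT}"',
    # Constructed lines: a POST delete, a refused GET delete, and a harmless page view.
    '192.0.2.10 - - [24/Apr/2007:21:10:00 -0600] "POST /speech/community/delete HTTP/1.1" 200 471 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [24/Apr/2007:21:11:00 -0600] "GET /speech/community/delete HTTP/1.1" 403 210 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [24/Apr/2007:21:12:00 -0600] "GET /weblog/deleted-scenes HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def unsafe_gets(lines):
    """Return entries where a safe method hit an action-like URL and succeeded."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        entry = m.groupdict()
        if (entry["method"] in SAFE_METHODS
                and entry["status"].startswith("2")
                and ACTION_RE.search(entry["path"])):
            # The user agent is self-declared; this only records what it claims.
            entry["claims_crawler"] = "bot" in entry["agent"].lower()
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for e in unsafe_gets(SAMPLE_LOG):
        print(e["time"], e["host"], e["method"], e["path"], e["status"],
              "crawler UA" if e["claims_crawler"] else "other UA")
```

Every hit is a URL where a plain link fetch changed server state, so each one marks an action that belongs behind POST and an authorization check.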
