Sunday, July 31, 2011

Re: Broken INTERNAL links related to django.contrib.auth

On Mon, Aug 1, 2011 at 1:23 AM, ivan.ogai@googlemail.com
<ivan.ogai@googlemail.com> wrote:
> I get a lot of 'broken internal links' mails daily from a Django
> application I
> am hacking: http://grical.org
>
> They look like this::
>
>    Referrer: http://grical.org/accounts/login/e/show/580/
>    Requested URL: /accounts/login/e/show/
> 580/
>    User agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
> TheFreeDictionary.com; .NET CLR 1.1.4322; .NET CLR 1.0.3705;    .NET
> CLR
> 2.0.50727)
>    IP address: ...
>
> Any idea where can be the problem?

There isn't necessarily a problem anywhere. All this tells you is that
someone, somewhere is requesting a URL that doesn't match a URL
pattern on your site.

The simplest possible cause of this is a dead link on a page -- in
your case, somewhere on the page served by the URL
/accounts/login/e/show/, there is a link that directs the user to
/accounts/login/e/show/580, but that link doesn't resolve. For
whatever reason, people are clicking on that link, so you're getting
notified that there is a problem.

However, it's also possible that this isn't a problem at all. The
internet is filled with lots of robots that wander around; some are
indexing content for search engines (like the GoogleBot); but some are
people probing your site for known security holes. These malicious
robots will frequently construct URLs that don't exist on your site in
an attempt to exploit bugs in the URL handling mechanisms for various
frameworks. There isn't much you can do to stop these people. A
robots.txt file will stop the well behaved robots at the cost of you
losing search engine rank; script kiddie robots don't obey robots.txt.
If you can validate that the link appearing in your log definitely
doesn't exist, and shouldn't exist, and isn't referenced anywhere on
your site, all you can really do here is try and mask these entries
out of your logs.

Yours,
Russ Magee %-)

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

No comments:

Post a Comment