Browse > Home / Blog, Blogging / Be Careful of Security Issues when Using Wiki’s and Blogs with Trackbacks

Be Careful of Security Issues when Using Wiki’s and Blogs with Trackbacks


Posted: July 24, 2006

When a website automatically posts comments to another site it is called a trackback. Essentially, Blogs and many Wiki’s automatically post comments on a website’s page (when comments are enabled) when one links to that particular page. In most cases, the trackbacks and comments are used to create a discussion around a particular subject. Hence why Wiki’s and Blogs are key to developing an internet community.

However, wiki’s are also often used in development projects, and if you are not careful with the security settings, you can give away your development secrets.

A few days ago, a new comment was posted to this blog from a url that breaks down into: ClientSite.AdvertisingAgencySite.com/DEV/ProjectName which linked to my post on using AdWords Dynamic Parameters in URLs. Without even reading the comments, I knew that Company A was launching a new AdWords campaign and which company would be running the show. However, I also received comments on the page past the URL which told me even more about the ad campaign.

My guess is that the Wiki being used had trackbacks enabled and no one checked the security settings before posting many secrets to the Wiki (which is behind a password protected page).


Then, a couple days later, another trackback showed up from a completely different source which was CompanyName.AdvertisingAgency/NewProject from yet another Wiki. After checking that the entire site was password protected, I was sure this was yet another agency launching another company’s ad campaign.

In both of these cases, I’m being passed secrets about ad campaigns which I’m sure the agency and the clients would not be happy to know. Someone didn’t do their homework about how to set up, run, and keep a Wiki secure.

If you’re running a piece of software with trackbacks (which could be a blog, wiki, forum, etc), and you do not wish anyone outside of the password protected area to see what you’re writing about - disable the trackback and ‘ping’ ability of the software package.

Share and Enjoy:
  • Sphinn
  • del.icio.us
  • StumbleUpon
  • Digg
  • Reddit
  • Google
  • Facebook
  • TwitThis
  • Yahoo! Buzz


Related Information:
« Feedburner Helps Websites Understand Their Content
Google’s Local Search Lags Behind other Properties »

Stay on top of PPC info - Subscribe Today!




Written by Brad Geddes aka eWhisper · Filed Under Blog, Blogging 

Comments

Comments are closed.

Google AdWords
Seminars for Success

Learn about Google AdWords from experts hand selected by Google.

These seminars will educate advertisers on the creation and management of successful AdWords campaigns.

Upcoming Seminars:

Boston AdWords Seminars June 24th & June 25th
Minneapolis AdWords Seminars July 16th & July 17th
Denver AdWords Seminars August 4th & 5th

Learn More about the Seminars:
Seminar Information
Official Google Seminar Page
Suggest a new city

Brad Geddes


Brad Geddes Brad Geddes aka eWhisper
View Brad Geddes's profile on LinkedIn











Leslie Clark


Leslie Clark Leslie Clark
View Leslie Clark's profile on LinkedIn

Other Memberships














Local Search Ranking Factors Contributor

2008 SEMMY Runner-Up