The robots exclusion standard or robots.txt protocol is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a website. The information specifying the parts that should not be accessed is specified in a file called robots.txt in the top-level directory of the website.
The robots.txt protocol was created by consensus in June 1994 by members of the robots mailing list ( robots-request@xxxxxxxxxxx). There is no official standards body or RFC for the protocol.
The protocol is purely advisory. It relies on the cooperation of the web robot, so that marking an area of your site out of bounds with robots.txt does not guarantee privacy. Many web site administrators have been caught trying to use the robots file to make private parts of a website invisible to the rest of the world. However, the file is necessarily publicly available and is easily checked by anyone with a web browser.
The robots.txt patterns are matched by simple substring comparisons, so care should be taken to make sure that patterns matching directories have the final '/' character appended: otherwise all files with names starting with that substring will match, rather than just those in the directory intended.
Contents[hide] |
This example allows all robots to visit all files because the wildcard "*" specifies all robots.
User-agent: *
Disallow:
This example keeps all robots out:
User-agent: *
Disallow: /
The next is an example that tells all crawlers not to enter into four directories of a website:
User-agent: *
Disallow: /cgi-bin/
Disallow: /images/
Disallow: /tmp/
Disallow: /private/
Example that tells a specific crawler not to enter one specific directory:
User-agent: BadBot
Disallow: /private/
Example demonstrating how comments can be used:
# Comments appear after the "#" symbol at the start of a line, or after a directive
User-agent: * # match all bots
Disallow: / # keep them out
In order to prevent access to all pages by robots,
Disallow: *
is not appropriate as this is not a stable standard extension. For example, despite the fact that Google claims support for this tag[1], it in fact does not [2].
Instead:
Disallow: /
should be used.
robots.txt is older and more widely accepted, but there are other methods (which can be used together with robots.txt) that allow greater control, like disabling indexing of images only or disabling archiving of page contents.
HTML meta tags can be used to exclude robots according to the contents of web pages. Again, this is purely advisory, and also relies on the cooperation of the robot programs. For example,
<meta name="robots" content="noindex,nofollow" />
within the HEAD section of an HTML document tells search engines such as Google
, Yahoo!, or MSN to exclude the page from its index and not to follow any links on this page for further possible indexing.
(See HTML Author's Guide to the Robots META tag.)
The <NOINDEX> tag is a non-standard HTML tag whose intent is to indicate portions of a page that should not be indexed, such as common navigation or footer. Using it without a namespace will make XHTML pages invalid.
Google uses comments for the same purpose: <!--googleoff: index--> ... <!--googleon: index-->
On 7/15/06, Ricardo Kleemann <ricardo@xxxxxxxxxxxxxxx> wrote:
> Thanks Max.
>
> > A first look shows that the script "bots.txt" currently available targets
> > vulnerable installation of "Joomla" and "Mambo". There are some
> > vulnerabilities reported for the included phpBB and an extension called
> > perForms.
>
> But how in the first place, is apache even downloading the bots.txt, and
> then, running it? Is it running in-memory, since it's not anywhere in the
> filesystem ?
>
> And what commands can be run on port 80 to do the download/run of the
> script?
>
> >
> > The bot seems to join a specific IRC-chan waiting for commands and looking
> > for new vulnerable installations via google-searches.
> >
> > Perhaps you want to replace any wget-binaries with a shell script logging
> > environment and command-line switches to identify the document used to
> > retrieve the script.
> >
> >> PLEASE HELP...
> >>
> >
> > You should stop your Apache! :D
> >
> > .max
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> >
> >
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
does ANYBODY even know what bots.txt even DOES?
bots.txt should look like this:
accept all
reject altaVista
look at virussin.com/bots.txt to see what it SHOULD do... its for
SEARCH EINGINES. the bot grabs it, looks at it, and it its on the
white list of eingines, it caches the site, if its on the blacklist
(reject), it sulks away into a corner...
M-g
--
"Space does not reflect society, it expresses it." -- Castells, M.,
Space of Flows, Space of Places: Materials for a Theory of Urbanism in
the Information Age, in The Cybercities Reader, S. Graham, Editor.
2004, Routledge: London. p. 82-93.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL: http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|