Support Desk • at least one MacHeist reg infos could be seen in Google
I was trying to search people's complain about macheist in Google
The second entry was a receipt (and the S/Ns) of some guy
Of course I'm not exploiting this. I just want to point out a thing could be improved by MacHeist
Any comments? Or is this unavoidable (Google's fault)?
Last edited by Chriswan (January 17, 2008 10:54 am)
Thanks a Lot
I was able to replicate ..... MH needs to get google's bots blocked from those pages, AND make them ulra-secure, pronto!
Mozy - backup to the cloud, restore when your computer bites the dust.
BBCODE snippets for TYPINATOR!
DROPBOX: GET 250MB extra FREE!
Using a slightly tweaked query you can also reach a serials page for MacHeist I. It's a bit odd these pages are accessible without logging in if you know the Seekrit URL.
So long, and Thanks for all the fish!
This is scary although seems to affect only this poor guy as of now (search on any phrase from receipt page doesn't pull any more serials)
After reconsideration decided against having referral link in my signature
now, I don't know much about how search engines really work, but iirc if it was spidering macheists page they'd show all of them, it just being this person's, does that mean it's possible they posted a link on some other site (maybe a personal site unintentionally) and it was found and spidered?
p.s. way to make it super secure boboboe 
took me 1 google guess to figure out what the search terms were
Last edited by jer2665 (January 14, 2008 8:23 am)
Ummm... why aren't receipt pages viewable ONLY to the user they belong to ONLY when they are logged in!?!?!?!?!?!?!?!?!
I can't believe this.
MacHeist: THANK YOU FOR USING MY LINK!
DropBox: https://www.getdropbox.com/referrals/NTcxNjA5
Thank you for using my referral links!
i can still find the bundle 2 for "--------" in searches still
Edited to protect purchaser's info.
Last edited by boboboe (January 15, 2008 9:26 am)
I can still find it, too.
MacHeist: THANK YOU FOR USING MY LINK!
DropBox: https://www.getdropbox.com/referrals/NTcxNjA5
Thank you for using my referral links!
Just block google in robots.txt from indexing /order/id, or something of the sort
jer2665 wrote:
now, I don't know much about how search engines really work, but iirc if it was spidering macheists page they'd show all of them, it just being this person's, does that mean it's possible they posted a link on some other site (maybe a personal site unintentionally) and it was found and spidered?
Things like this could easily happen when other sites post their referral logs, or some proxy server somewhere publishes visit logs.
That's the reason you never (EVER EVAH) trust the secrecy of anything to the secrecy of its location. Clicking one link from your soopah sekrit webpage could jeopardize the info.
So long, and Thanks for all the fish!
Strangely enough, if you peek at the details on the result page, then try and use that email address in the order lookup page...it says it doesnt exist ?!?!?
Who said signatures are boring...
No offense man, I know you mean well by posting this, but it was a dick move to do in the first place. Why didn't you just PM the directorate? By posting this, you are inadvertently encouraging unscrupulous members of the forums to search up the name and the bundle on google hoping to find his serials... at the very least, remove the poor guy's name from your post.
Last edited by tintin220 (January 14, 2008 5:25 pm)
Please can a mod remove the name immediately - from a quick Google search I can even click the non-cached link to get this guy's serials up. Please consider that this thread also appears in Google results, and the actions that unscrupulous members of the community (or not) may take.
▛▞▞▟ Proud Member of the BLUE Team™ ▙▚▚▜
As soon as I get a hold of Phill, I will get him to bring this up with the rest of the crew. It was my understanding last year that this sort of thing had been protected against.
Sorry, I did't realize the consequences of my action 
I just read the thread again just now...
Last edited by Chriswan (January 15, 2008 10:18 am)
Thanks a Lot
This is probably because of the Google Toolbar. The Google Toolbar phones home *EVERY* site you visit.
Thanks for using my referral link!
I've invalidated his bundle and added a robots.txt for now, and we will investigate further ways to improve security.
Karl Baron 〜 I break things at MacHeist as well but I successfully blame it on Scott
aaroncp wrote:
Ummm... why aren't receipt pages viewable ONLY to the user they belong to ONLY when they are logged in!?!?!?!?!?!?!?!?!
I can't believe this.
You don't have to be a member to purchase a bundle.
Karl Baron 〜 I break things at MacHeist as well but I successfully blame it on Scott
LINK
It's still living in Google Cache...
Edited to protect information.
Last edited by boboboe (January 17, 2008 8:37 pm)
Marathon Forever.
AppShelf: MacHeist 3 Loot
AppShelf: nanoBundle 1
Check Reciept Page for nanoBundle 2 AppShelf Files.
Wow! Get it off! People might try and use those serials.
What I don't understand is how the google bot got into a https:// connection. The bots can get everywhere it seems.
Someone hop over to https://www.google.com/webmasters/tools/removals to remove the like from google's Cache.
I don't want to do it without Macheist's approval.
I'd also archive (somehow) then delete this topic!
Blue team FTW!
The serials still works with Speed Downloader and Awaken (take it easy, I will buy the bundle as soon as I find one to share referrals with 
Oh lord!
Way to go, Judofyr, you most likely will end up getting that serial banned. Way to stick it to the person it really belongs to.
MacHeist: THANK YOU FOR USING MY LINK!
DropBox: https://www.getdropbox.com/referrals/NTcxNjA5
Thank you for using my referral links!
We can all take solace in the fact that nearly all the people reading this topic have/will buy the bundle for themselves anyway.
Pages: 1 2