I’ve received an email this morning with some info about the latest task I’ve been working on. The strange part is that I’ve received it from Google :) It was a `Google Alert` and to my surprise the link pointed directly to the FlySpray page with a bunch of internal stuff (requests, comments, discussions). FlySpray is our bug and product development tracker.
I logged out of my account, to check if the flyspray page was publicly available and it actually was. That part of the site was initially protected with a `.htaccess` file, but we’ve changed it recently and by mistake left this`flyspray` project unprotected. Also, we had no `robots.txt` file in place and that’s how our internal data ended up on Google.
As chance had it, Google helped us catch the problem, too. Some time ago I created a bunch of Google Alerts to monitor news about certain products and companies. I created alerts for search terms like `MySQL` (the popular database), `Symfony` (PHP framework), `Ubuntu` (Linux OS), `BitDefender` (antivirus software), `Payoneer` (global payment company) and `Borland` which was later changed to `CodeGear` (a software tools company).
This worked so well, that I quickly added more alerts to monitor some of our own brands, but rather than check for news, I made it alert me whenever Google found any web page with our brand in it. So far it picked up quite a few other pages. And it picked up our security problem as well this morning :)
Without the Google Alert in place this security hole could easily have remained undiscovered for some time but with Google’s help we’ve been alerted quickly and prevented any real problems occurring. I highly recommend setting up Google Alerts for your most popular brands and keywords that are exclusive to sites and products. Apart from security alerts they’re very useful for finding out who is writing what about your products and services.
In order to create an alert:
- go to the Google Alerts page
- enter your `Search terms` or brands
- choose `Type` (can be `News`, `Blog`, `Web`, `Comprehensive`, `Video` or `Groups`)
- set how often you want to be alerted (`as-it-happens`, `once a day` or `once a week`)
- if you’re not logged into Google you will only be able to enter your email in the last field, but if you’re logged in you’ll be able to choose if you want the alert delivered to your email or to the `feed` which then creates a RSS feed for the alert and can be used with any RSS reader including Google Reader.
Once created your alerts can be managed from the `Manage Alerts` page.