Which again seems fine. The only issue is that Google seems surprisingly poor at recognizing that the different results on the forum are actually the same thread.
Because the forum is a subdomain? Again, I’m not sure why they wouldn’t do this, and TBH, it seems to me very useful. Searching for a super-common word like “body” is next to useless using normal text search. Showing discussions in the forum may well throw up something that’s going to be more useful for someone researching this topic.
But if you don’t want forum results, just use DuckDuckGo, which gives the following for the same search:
Cool, I will stuck with DuckDuckGo from now on, thanks!
I now understand the subdomain thing and disagree with it being indexed as part of SuttaCentral.
The discussions in this forum are not necessarily the most useful and one would have to spend a lot of time sifting through endless conversations to “separate the wheat from chaff”.
To me, best would be to have D&D totally disconnected in domain from SC, people should be first pointed to the source materials of suttas and parallels.
body site:suttacentral.net -site:*.suttacentral.net
to exclude subdomains from search.
This works in Google, but not in DuckDuckGo (and other search engines?): but you can exclude multiple subdomains with multiple -site:subdomain.suttacentral.net instead (e.g. discourse, legacy) to filter results from main domain only
So this meow bot takes advantage of unsecured elasticsearch instances, that basically talk to the internet or at least the local network (i.e. the VPS network), yesterday I tried tightening up the firewall by blocking all ports Elasticsearch uses to communicate (AFAIK), restored the search database, and within a couple of hours it got overwritten by meows again. I don’t understand why the firewall is not blocking communication.
So I then decided to approach this by securing Docker, we are using a really old docker image (Elasticsearch 5.5) and the default security of both the Dockerfile and the Elasticsearch within it is horrendous. After changing the Docker configuration to trap Elasticsearch within the Docker subsystem with no ability to communicate with the wider network, Meow Bot failed to overwrite the data with Meows (after leaving it overnight), suggesting it is now secure.
I also tried upgrading Elasticsearch from 5.5 to 7.8 (which has much better security), but there are breaking changes which will make it a substantial job.
What benefit does a hacker have from such a bot? The bot doesn’t open them your bank account nor provides any personal data someone could make profit with … do they build such things just for the fun to annoy people?
It’s probably someone who was annoyed by credit cards and other personal detail being stolen due to negligence on the part of server admins/corporations, so they decided to force tightened security by deleting all exposed data.
Hi @blake and venerable @sujato
Just a heads-up, I tried searching for a few key words in SuttaCentral.net just now and it seem search is broken once again.
Probably related to this issue. There seems to be a broader problem with the back-end servers going on right now. The menus are displaying, but browsing texts is not working for all but a few documents.
