Talk Digger: Check who is linking to you

Frederick Giasson

I am pleased to present you my second side-project: Talk Digger.

I developed an addiction for my blog statistics and for people talking about my writings. I was always checking the link-backs to my domain name on the major search engines. As everybody knows it, no search engine is perfect and some could index a web site and not the other. It is the reason why I was checking on many different search engines.

Then some weeks ago I asked myself that question: why don’t you build an application to query all these search engines for you, displaying the results and some statistics of these queries. Then I started to develop Talk Digger. I also noticed that Robert Scoble was in a mood of comparing different search results from the major blogging search engines like Bloglines and Technorati. Then I told myself that such a service could also interest other people. This is the reason why I developed it as a web service: to enable other people to use it and benefit from it. Then Talk Digger was born.

What is Talk Digger?

This is a web service that query major search engines to know who links to a specific URL. The results will then be processed and displayed on Talk Digger. There are 3 specifics things that will appear when you dig for a link:

  1. Result. This is the number of links to that URL. If you click on that blue number, you will be redirected to the result page of the search engine and be able to know who links to you
  2. Trend. This is an arrow that will show you if the number of results for that search is higher, lower or the same as the previous one. This is really effective when you wake up the morning and that you need to instantly see if someone as talked about your blog during the night
  3. 7 last digs trend graph. This is a graph that shows you the evolution of the results returned by the search engines in the last 7 search requests

How this service can be used?

Talk Digger is basically intended to bloggers that want to know, in a single click, if new people talked about their blog or one of their specific stories.

Is Talk Digger only for blogger?

Certainly not; anybody can use it; there are some situations where you could want to use it:

  • You are a blogger and you want to know who link to your blog
  • You are a blogger and you want to know who link to one of your specific stories
  • You are reading an article somewhere on the Internet and you want to know who talk about it and what they have to say
  • You are someone that is interested in comparing the results of different search engines

Basically, you have three things to do when you want to search for an URL:

  1. Enter the URL you want to search for into the edit field
  2. Press the “Dig it!” button
  3. Wait until the results appear

Is there other ways to use that service? Certainly

If you are blogger, or a person that write articles on his website, you could be interested by implementing a text or a button link that would redirect your reader to that service with the article’s URL. Then they would instantly know who is talking about your article on the Internet. How to do it?

You only have to create a link with that URL:


talkdigger.com/index.php?surl=mydomainname.com/mystory.htm

Check the posts of this blog. In the bottom, you can see little “emitting antenna” icon. If you click on it, you will be redirected to Talk Digger, and will instantly search for that post. This is an example of how you could implement that service into your blog/web site.

Try and it tell me what you think about it; your first impression; things to change; things to add; etc.

Please have in mind that this is the Beta edition. So you could expect some little glitch, depending of the browser you are using. This is one of the joys with Ajax: you never really know if it will work everywhere, exactly the same way.

Technorati: | | | | | | | | | |

Security treat: the ftp address, username and password of your website’s server broadcasted over the Internet

Frederick Giasson

That post talks about another security problem resulting of the bad interaction between two different applications. The current problem is that the ftp address with the login name and password of your web site can be viewable by anybody on the Internet in a specific situation.

How it happened?

I am using the AceFTP software to connect to the ftp of my website’s server. It is a really nice ftp software. One of the useful features is that you have the possibility to view a file (text, image or webpage) in an embedded web browser. Then if you click on your index.htm file, you will see it instantly into the browser; it is really useful when you do not remember what a specific file was.

I am also using StatCounter as my web site statistic application. I already talked about that beautiful service before. You only have to put a little JavaScript code on one of you webpage, and it will record the entry and exit pages of your visitors.

Now you wander what is the problem?

The problem exists when one of the feature of AceFTP and another one of StatCounter interact together:

  • The preview feature of AceFTP
  • And the possibility to put your statistics public with StatCounter

Note: you need to have in mind that this security problem can be possible with other ftp client softwares that have the same feature and any other web site statistics services that broadcast the stats publicly. I get AceFTP and StatCounter in my example because it is with them that I discovered the problem.

You see the problem coming? When I check a file that contains the JavaScript code of StatCounter in the “embedded browser”, the code on that page is then executed by the ftp client software. Then the visit will be recorded by StatCounter. The problem is that the entry page that StatCounter will show will be something like that:

username:\[email protected]/thefilepath.htm

Then if the public statistics of your StatCounter account is at “on”, then anybody can have access to the ftp server of your web site.

Demonstration

  1. I check one of my file containing the StatCounter’s JavaScript code with my ftp client software
  2. Then I check my stats

How can we fix the problem?

  1. Web services like StatCounter could check for the patterns: “* : * @ *”, then hiding them. It is exactly what Bloglines had done when I discovered a problem like this one with their web application.
  2. You could use another option of StatCounter that enable you to ignore the visits that come from your IP address. Then if StatCounter ignore your visits, such activities will not be the recorded.
  3. You could simply stop using the preview feature of AceFTP.

Conclusion

My conclusion is that same as the one I wrote for the Bloglines’ problem with the RSS feed: This experience is a good example of the potential security treats that can appears when more than one system start to interact together.

Technorati: | | | | | |