Timely plugin doesn't 404

What do you mean it “doesn’t 404”?

Have a look at this link:

https://[site domain/etc]/action~agenda/tag_ids~329/cat_ids~296/http:/[site domain]/asdasdf/

I added “asdasdf” to that link myself.

And why is “http:/[site domain]” in the URL?

i see it like this. https://take.ms/vK64J What’s wrong?there is just the extra http:/veg.ca/asdasdf/ at the end which is ignored

A bot was spamming that url (minus the garbage at the end i entered). We have a plugin installed that limits the amount of 404ing a bot can do. Since your plugin wasn’t returning the 404 the bot was allowed to continue until we banned it’s IP on the server.

Also, I unchecked “Publicize, promote, and share my events marked as public on the Timely network” in case someone or thing is scanning your site for potential victims.

I’m removing the links from this thread now, please do the same.

Hi, the problem is that bot ( even google bot ) can crawl the page indefinitely as most urls are valid. By default we try to create a robots.txt file which disallow crawling, although evil bots will ignore this. You can see in our settings page under “Advanced”. Maybe you just have to add rules to your robots.txt like

User-agent: *
Disallow: /calendar/action~posterboard/
Disallow: /calendar/action~agenda/
Disallow: /calendar/action~oneday/
Disallow: /calendar/action~month/
Disallow: /calendar/action~week/
Disallow: /calendar/action~stream/

i’ll remove the links

i can’t edit anything, i delted the image

Thanks for deleting the image and for the tips.

As you pointed out the robots.txt edit isn’t going to protect against bots that don’t respect robots.txt.

I also suspect this bot was referred from timely since it had our domain in the url params. Why would you need the domain in other parts of the url inside the plugin?

I understand that security is multilayered and we need to take other actions to protect the server but you’re leaving the door open and we’d like to close it. Will you be updating the plugin to be more precise with urls? Or do you think it doesn’t matter?

We do not have bots, we just send data to our plugin for statistic/analytics use.
There is an opt in dialogue when installing, and we do not collect info about event details.
What we do is to allow navigation to any point in time. an example of url is https://localhost/wordpress/?page_id=4&ai1ec=action~agenda|page_offset~1|time_limit~1417996801|request_format~html where the time_limit parameters is a unix timestamp.
We never had any security issue with this, we had the issue that normal crawlers could overload the server, thus the robots.txt. If you think that the crawler is evil, report it to autorities or take some action like ban their IP, i don’t think this is “our fault”.
In any case if you have suggestions they are welcome

I’m confused – we already had those urls in our robots.txt file.

What does this mean in settings:

“Publicize, promote, and share my events marked as public on the Timely network”

That is now off, but it was on earlier today.

My suggestion is to report 404s when they happen so that the other plugin can handle it.

that settings is a leftover. Right now it just reports some analytics data to us. It is switched on if you download and activate any add on from our website. but if you look at our code, it doesn’t do anything harmful
What you refer as a 404 for us is a valid page as i explained above. It’s difficult to “handle it over”

Hi Nicola,
I can state that even if in my robots.txt I can find

User-agent: *
Disallow: /calendar/action~posterboard/
Disallow: /calendar/action~agenda/
Disallow: /calendar/action~oneday/
Disallow: /calendar/action~month/
Disallow: /calendar/action~week/
Disallow: /calendar/action~stream/

Google bot report a lot of url (aprox 1500 !) as 404s

e.g.:

event/xxx/
en/calendar/action~oneday/exact_date~yyyyyyyy/zzzzzzz/

How can I avoid all this errors ?

Thanks,
nerimizi

nermizi you must disallow all pages in robots.txt so if your calendar page is

http:/yoursite.com/en/calendar

you must disallow ( i just post one line for clarity )

Disallow: /en/calendar/action~posterboard/

if you have it in italian too it will be

http:/yoursite.com/it/calendario

and you will need to disallow

Disallow: /it/calendario/action~posterboard/

Thanks !

Thank you, nicola.peluchetti. I too was seeing hundreds of 404s after installing this plugin. I noticed that my robots.txt already had several rules disallowing bots, but they started with previous slugs of my events page. I added new rules with the correct slug of the events page, and the 404s have stopped.