Page 1 of 1
Anonymous creatures viewing my shared file on google drive
Posted: Sun 21 Apr 2013, 10:37
by Barkin
Just noticed a weird thing on google drive today : multiple anonymous creatures appear to be viewing a file I intend to share, (see attachment).
However the file is "only those with link" so how do these anonymous creatures know about my file , I haven't sent the link to anyone yet ?
Posted: Mon 22 Apr 2013, 16:10
by puppy_apprentice
i think that somebody wrote script (maybe brute force method) to prepare links and check them if they work, something like:
https://docs.google.com/file/d/XXXXXXXX ... ?usp=shari
where XXXXXXXXXXXXXXXX is random number or taken from list of numbers (dictionary)
but if u check part of your link (
https://docs.google.com/file/d/) in Google Search u will get some results, try to check this in Google Search:
"
https://docs.google.com/file/d/, name of your shared file"
maybe u will find your link
Posted: Tue 23 Apr 2013, 09:16
by Barkin
puppy_apprentice wrote:i think that somebody wrote script (maybe brute force method) to prepare links and check them if they work, something like:
https://docs.google.com/file/d/XXXXXXXX ... ?usp=shari
where XXXXXXXXXXXXXXXX is random number or taken from list of numbers (dictionary)
Accurately guessing XXXXXXXXXXXXXXXXXXXXXXXXXXXXX by brute force would take trillions of centuries : it's about 30 alphanumeric characters, upper and lower case, [ a dictionary wouldn't help as it's random-looking gobbledygook ]
The only legitimate reason for this I can think of is that the anonymous creatures are generated by me viewing the page, as no other user should know the URL of the file I was about to share.
e.g. some token is generated when someone views the page and that token persists in the google system for a few minutes after viewing the page, so if you visit that page again within that period your previous incarnation still exists and is shown by an anonymous creature icon.
Posted: Tue 23 Apr 2013, 10:14
by Makoto
I wouldn't be surprised if they were bots - possibly Google's, to aid in indexing, or even checking to make sure you're not storing anything that shouldn't be there.
It's probably a good idea to ask Google about it, if at all possible, though.
Posted: Tue 23 Apr 2013, 10:47
by nooby
Don't they have a googlegroup for the Drive so
them maybe also has seen these bots?
I know nothing but thought of that they may know?
Posted: Wed 24 Apr 2013, 09:20
by puppy_apprentice
script with generated XXXXXX is one of the solutions and yes it takes some time, but your link don't have to be sent to anybody to be used, Google Spiders/Bots will add it to the search dadatase i think, it is the same if u upload some files on your server and don't put links to them on your page - they are still easily accesible (eg. via Google Search, some hackers use Google to find eg. files with passwords etc.)
i've checked this in Google Search:
Code: Select all
"https://docs.google.com/file/d/, Barkin"
and found those to files:
https://docs.google.com/file/d/0ByJAC-s ... edit?pli=1
https://docs.google.com/document/d/1wv- ... view?pli=1
i don't know if you have GD account as Barkin (and it those files are yours), but it is possible to find some files using eg. my phrase in GS
i think it is not problem with security but it is normal GD behavior (and those annonymous creatures could be you own trials too as u said)
Posted: Wed 24 Apr 2013, 09:54
by Barkin
puppy_apprentice wrote:i've checked this in Google Search:
Code: Select all
"https://docs.google.com/file/d/, Barkin"
I don't use "Barkin" as a pseudonym with Google services.
I just tried googling "
https://docs.google.com/file/d/" and my gmail email and thankfully no hits.
Googling the full URL of the shared file (no X's) gets no hits either.
Posted: Wed 24 Apr 2013, 10:07
by puppy_apprentice
so it seems and those was your own trials, and files that i found were published with flag "public" or something (i was using Google Docs some time ago but if i remember well it was possible to save files as public, visible to others) by another user/s
Posted: Wed 24 Apr 2013, 11:55
by Barkin
puppy_apprentice wrote:... files that i found were published with flag "public" or something ...
More likely someone had actually posted those google URLs on the internet, say in a forum.
puppy_apprentice wrote:... i was using Google Docs some time ago but if i remember well it was possible to save files as public, visible to others
I've never made my Google Drive files searchable via the web ...
Posted: Wed 24 Apr 2013, 13:29
by puppy_apprentice
so it seems like u have noticed your own trials, try to prepare another file (honey pot
) using "only those with link", let the file will be text file with name eg.
and text inside
Code: Select all
"if u got acces to this link, please send me info about it to xxxxxx@xxxxxx or post message in this thread http://murga-linux.com/puppy/xxxxxxxxxx"
who knows, maybe we will get answer if it is something wrong with GD and don't use this link for yourself for a while (week or two) to not get false positives