[Users] Zimbra login page is indexed in search engines by default, is this good or bad?

Info Zeta Alliance info at zetalliance.org
Fri Mar 22 08:30:58 CET 2019 

Thanks Malte! I will use the x-robots-tag option and see what it does. 

Kind regards, 

Barry de Graaff 
Zeta Alliance 
Co-founder & Developer 
zetalliance.org | github.com/Zimbra-Community 

Signal: +31 617 220 227 
Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0 


From: "Malte S. Stretz" <mss at msquadrat.de> 
To: "Barry de Graaff" <info at barrydegraaff.tk> 
Cc: users at lists.zetalliance.org 
Sent: Thursday, 21 March, 2019 22:57:12 
Subject: Re: [Users] Zimbra login page is indexed in search engines by default, is this good or bad? 



I tend to set it to TRUE on all systems I install. Most customers don't like it when their Webmailer appears in the search engines, especially if it isn't always patched to the latest version, it makes them uncomfortable. Good old security by obscurity. I can understand this somewhat; OTOH is it pretty trivial to find Zimbra installations anyway via eg. Shodan. 




Setting this option will actually have the odd effect that Goodle will find it anyway if you happen to hit the right terms but just show no description (cf. [ https://support.google.com/webmasters/answer/7489871?hl=en | https://support.google.com/webmasters/answer/7489871?hl=en ] ). An alternate approach which hides the page better is 
zmprov mcf zimbraMailKeepOutWebCrawlers FALSE
zmprov mcf +zimbraResponseHeader "X-Robots-Tag: noindex"
zmmailboxdctl restart 





Of course this won't help with people who search for Zimbra and find some other installation and type in their password there. On the contrary, this will make sure that they won't accidentally find the right one. 





Since historically Zimbra is more an ISP product it probably makes sense to be able to search for it per default. Dunno, I doubt that anybody will change the defaults so discussing this is moot. 





Cheers, 

Malte 



On 21/03/2019 22:42, Barry de Graaff wrote: 



That is nice... do you think it should be default? 

Kind regards, 

Barry de Graaff 
Zeta Alliance 
Co-founder & Developer 
zetalliance.org | github.com/Zimbra-Community 

Signal: +31 617 220 227 
Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0 


From: "Malte S. Stretz" [ mailto:mss at msquadrat.de | <mss at msquadrat.de> ] 
To: [ mailto:users at lists.zetalliance.org | users at lists.zetalliance.org ] 
Sent: Thursday, 21 March, 2019 21:54:54 
Subject: Re: [Users] Zimbra login page is indexed in search engines by default, is this good or bad? 

zmprov mcf zimbraMailKeepOutWebCrawlers TRUE 
zmmailboxdctl restart 



On 21/03/2019 21:07, Randy Leiker wrote: 

BQ_BEGIN

Hi Barry, 

I've seen our own customers do the same thing at times, by Googling "Zimbra" and trying to login to whichever site they find in the search results. 

On Synacor's end, it would be trivial to start discouraging search engine spiders by including a meta tag like this on the login page: 
< meta name =" robots " content =" noindex,nofollow,noarchive,nosnippet,noimageindex " /> 
Combined with adding a robots.txt file in the web site root disallowing indexing of any content on the site, that would at least start reducing the problem gradually as Zimbra admins upgrade over time. But, of course, it doesn't do anything to help with the current situation. 


Randy Leiker ( [ mailto:randy at skywaynetworks.com | randy at skywaynetworks.com ] ) 
Skyway Networks, LLC 
1.800.538.5334 / 913.663.3900 Ext. 100 
[ http://www.skywaynetworks.com/ | https://skywaynetworks.com ] 


From: "Info Zeta Alliance" [ mailto:info at zetalliance.org | <info at zetalliance.org> ] 
To: [ mailto:users at lists.zetalliance.org | users at lists.zetalliance.org ] 
Sent: Thursday, March 21, 2019 2:42:02 PM 
Subject: [Users] Zimbra login page is indexed in search engines by default, is this good or bad? 

Hello All, 

Zimbra login page is indexed in search engines by default, is this good or bad? 

I see a lot of spammers taking advantage of this, trying to trick people. By referencing 
to the domain and found email addresses online. 

Also, I see end users that just google Zimbra and try to log-on on the first hit found, 
yes I know... 

But what is the use for indexing the login page really? Do you think the default 
behaviour (indexing) is good? 

Please let me know! 


Kind regards, 

Barry de Graaff 
Zeta Alliance 
Co-founder & Developer 
zetalliance.org | github.com/Zimbra-Community 

Signal: +31 617 220 227 
Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0 





BQ_END

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20190322/e85e4a83/attachment.html>

More information about the Users mailing list