>> On May 20, 2011, at 10:35 AM, Keith Jenkins wrote:
>>>
>>> Just out of curiosity, does anyone on this list have any opinions
>>> about whether website owners should publicly post lists of their
>>> visitors' IP addresses (or hostnames) and to also allow such lists to
>>> be indexable by search engines?
>>>
>>> For example:
>>> https://www3.ietf.org/usagedata/site_201104.html
>>>
>>> Keith
Somehow I missed this when it went by originally ...
For websites being hosted by the federal government, although it's
not considered PII (Personally Identifiable Information), most privacy
policies state that we won't share information with third parties, and that
we only use server logs for diagnostics and tuning.
We're actually required to destroy our webserver logs within 30 days
of rolling them, or at the very least, anonymize them. We specifically
do *not* allow access logs or reports to be accessed from outside our
local network. If nothing else, posting logs and/or reports invites
'referrer spam' :
http://en.wikipedia.org/wiki/Referrer_spam
And even if you're not posting referrer information, they'll embed
it in the QUERY_STRING to connections to your site, so you'll have
requests for:
http://yoursite.example.edu/?http://spammer.example.com
Which show up in most logs as:
/?http://spammer.example.com
...
I'd say there is *no* reason to make any of your logs, raw or processed,
visible to search engines. If your administration insists on being
able to see reports remotely, put them behind some sort of
authentication. (although, in our case, authentication means more
paperwork we have to fill out)
-Joe
|