Ask.com exposing real-time user queries to the public

Ask.com left its server status Apache page open to the public, exposing private search data to the world.

Chat with SearchBot

Ask Com Logo2 1920

Ask.com’s Apache server status page is open to the public at ask.com/server-status. That technically means that any queries and user actions done on that server on Ask.com are open to anyone to look at.

It is unclear how long this page has been open to the public, but the server status page says the last time this server was restarted was over three days ago. Is it possible that on that reboot, the server status page was accidentally left unlocked and exposed?

All the IP addresses listed are internal IPs, likely the Ask.com firewall. So it is not exposing unique searchers’ IP information. But it is exposing user queries, how many searchers are done, in real time.

Here is a snippet of the exposed log:

Ask Server Status

You can see that a searcher is looking for a Rolex Submariner watch, a purple leaf sand cherry hedge, Australian securities exchange share prices and more. Clear queries from real searchers are fully exposed here. You can simply keep refreshing the ask.com/server-status page and see new queries from real searchers.

This, on some level, reminds me of the AOL search query leak, where a user’s queries were able to be uncovered and tracked down.

This was discovered by Paul Shaprio about two hours ago.

Postscript: At 11:15am EST, the page has been locked down and we can no longer access it.

Ask.com’s press team sent us this response:

We have been working to address the inadvertent publishing of the Ask.com server status page and can report that this matter has now been globally resolved. We can confirm user IP addresses were not accessible during this incident, only queries and the IP addresses of our internal servers. We regret this error and are committed to protecting the confidentiality and security of our users’ information.


About the author

Barry Schwartz
Staff
Barry Schwartz is a Contributing Editor to Search Engine Land and a member of the programming team for SMX events. He owns RustyBrick, a NY based web consulting firm. He also runs Search Engine Roundtable, a popular search blog on very advanced SEM topics. Barry can be followed on Twitter here.

Get the must-read newsletter for search marketers.