What is Google hacking?
Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. Although Google blocks some of the better known Google hacking queries, nothing stops a hacker from crawling your site and launching the Google Hacking Database queries directly onto the crawled content.
The Google Hacking Database is located at http://johnny.ihackstuff.com. More information about Google hacking can be found on: http://www.informit.com/articles/article.asp?p=170880&rl=1.
What a hacker can do if your site is vulnerable
Information that the Google Hacking Database identifies:
- Advisories and server vulnerabilities
- Error messages that contain too much information
- Files containing passwords
- Sensitive directories
- Pages containing logon portals
- Pages containing network or vulnerability data such as firewall logs.
Preventing Google hacking attacks
Remove all pages identified by Google hacking queries
No comments:
Post a Comment