Protect your Web site from Google Hacking

March 8, 2008 – 4:20 PM

What’s accessible to the average person about your Web site? It could be more than you bargained for. Even if pages are hidden from view, confidential files about customers and employees could be just a search phrase away.

Google.com keeps a massive index of Web pages and files on the Web. At the end of 2004, its reach included a whopping 8 billion pages. Google isn't picky about what it extracts from the Web. It can get to almost anything on a Web server. That's part of the problem, but it's not necessarily the search giant's fault. Google simply does its job; hackers abuse its services.

Every Web site's front is held together with numerous directories of files, images and programs. Google hackers can get to those loosely guarded directories. Those directories can include personal information from consumers like you and me.

Google is a hacker favorite because it offers the most advanced search features. Most hackers use a special set of features called advanced operators. You can find a list of those operators from Google at:
http://www.google.com/help/operators.html

One common hack involves the operator "intitle." The intitle operator lets you search only in Web page titles. These titles appear in your browser's title bar, the colored area at the top of the window.

The simplest Google search for a directory is intitle:"index of". The intitle operator searches Web page titles. Directory titles usually begin with the words "index of." If a server's contents aren't secure, that will be apparent in the search results. Adding other operators, these searches can be very specific. Google can be misused to search for budget spreadsheets, password lists, or Social Security numbers.

Google also saves copies of Web pages in a cache, or storage. A cache temporarily holds used information that might be needed again soon. Hackers can take advantage of Google's cache of Web pages. Many sites work hard to improve security. But old, unsecured site versions can remain in the cache. Google's cache is searchable with a "cache" operator.

Google hacking is not a simple task for the average person. The hacker must know how Web sites are structured. Hackers must also know common directory and file names. Even then, they need the expertise to discern the valuable information.

If you are running a Web site, try different searches and operators on your site. Or if you know someone who does, pass them the link to this tip. If you have any doubts about your security, check into it. You might even want to have a security expert audit your system.
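
A check a site owner can run over pages fetched from their own site, added here as an example and not part of the original tip: it flags auto-generated directory listings by the "index of" title described above, and requires a parent-directory link so ordinary pages with a similar title are not reported. The function names, the parent-link heuristic and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

class ListingProbe(HTMLParser):
    """Collects the <title> text and the label of every link on one page."""
    def __init__(self):
        super().__init__()
        self.title, self.links, self._in = "", [], None

    def handle_starttag(self, tag, attrs):
        if tag in ("title", "a"):
            self._in = tag
            if tag == "a":
                self.links.append("")

    def handle_endtag(self, tag):
        if tag == self._in:
            self._in = None

    def handle_data(self, data):
        if self._in == "title":
            self.title += data
        elif self._in == "a":
            self.links[-1] += data

def is_directory_listing(html):
    """True if the title starts with "index of" (what intitle:"index of" matches)
    and the page links to its parent directory (assumed listing layout)."""
    probe = ListingProbe()
    probe.feed(html)
    title_hit = probe.title.strip().lower().startswith("index of")
    labels = [t.strip().lower() for t in probe.links]
    parent = any("parent directory" in t or t.startswith("..") for t in labels)
    return title_hit and parent

def exposed_listings(pages):
    """pages maps a URL path on your own site to the HTML returned for it."""
    return sorted(p for p, body in pages.items() if is_directory_listing(body))

# Constructed sample responses, not taken from any real site.
SAMPLE_PAGES = {
    "/": "<html><head><title>Acme Widgets</title></head>"
         "<body><a href='/shop'>Shop</a></body></html>",
    "/backup/": "<html><head><title>Index of /backup</title></head><body>"
                "<a href='/'>Parent Directory</a> <a href='budget.xls'>budget.xls</a>"
                "</body></html>",
    "/blog/index-of-posts": "<html><head><title>Index of our best posts</title>"
                            "</head><body><a href='/blog/1'>Post 1</a></body></html>",
}

if __name__ == "__main__":
    print(exposed_listings(SAMPLE_PAGES))
```

Any path it reports is a directory whose contents the server is listing to every visitor, and therefore to search engine crawlers as well.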

http://www.komando.com/tips_show.asp?showID=8733
