What is Google hacking?
Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. Although Google blocks some of the better-known Google hacking queries, nothing stops a hacker from crawling your site and running the Google Hacking Database queries directly against the crawled content.
The Google Hacking Database is located at http://johnny.ihackstuff.com. More information about Google hacking can be found at http://www.informit.com/articles/article.asp?p=170880&rl=1.
What a hacker can do if your site is vulnerable
Information that the Google Hacking Database identifies:
- Advisories and server vulnerabilities
- Error messages that contain too much information
- Files containing passwords
- Sensitive directories
- Pages containing logon portals
- Pages containing network or vulnerability data such as firewall logs.
How to check for Google hacking vulnerabilities
The easiest way to check whether your website and applications have Google hacking vulnerabilities is to use a Web Vulnerability Scanner. A Web Vulnerability Scanner scans your entire website and automatically checks for pages that are identified by Google hacking queries. (Note: Your web vulnerability scanner must be able to launch Google hacking queries.)
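As an added example (not part of the original page and not any scanner's own code), the sketch below shows how such a check works on content already crawled from a site you operate. The rules are constructed queries in search-operator style, one per category listed above, not actual GHDB entries; the function names, rule set and sample pages are assumptions.

```python
import re

# Constructed illustrative rules in the style of search-operator queries,
# one per category the page lists. These are not entries copied from the GHDB.
RULES = [
    ("Sensitive directories", {"intitle": "index of", "intext": "parent directory"}),
    ("Error messages that contain too much information", {"intext": "stack trace"}),
    ("Files containing passwords", {"inurl": "passwd"}),
    ("Pages containing logon portals", {"intitle": "login", "inurl": "admin"}),
]

def page_fields(url, html):
    """Split a crawled page into the fields the operators test."""
    m = re.search(r"<title[^>]*>(.*?)</title>", html, re.I | re.S)
    title = m.group(1) if m else ""
    text = re.sub(r"<[^>]+>", " ", html)  # crude tag strip, enough for matching
    norm = lambda s: re.sub(r"\s+", " ", s).strip().lower()
    return {"inurl": url.lower(), "intitle": norm(title), "intext": norm(text)}

def audit(pages):
    """Return sorted (url, category) pairs for every rule whose terms all match."""
    findings = []
    for url, html in pages.items():
        fields = page_fields(url, html)
        for category, terms in RULES:
            if all(term in fields[op] for op, term in terms.items()):
                findings.append((url, category))
    return sorted(findings)

# Constructed sample crawl of your own site (example.com is a placeholder).
SAMPLE_CRAWL = {
    "https://example.com/": "<html><title>Welcome</title><body>Hello</body></html>",
    "https://example.com/backup/": "<html><title>Index of /backup</title>"
        "<body><a href='../'>Parent Directory</a></body></html>",
    "https://example.com/admin/": "<html><title>Site Login</title>"
        "<body><form>...</form></body></html>",
    "https://example.com/report?id=x": "<html><title>Error</title>"
        "<body>Unhandled exception. Stack trace:\n at Foo.bar()</body></html>",
}

if __name__ == "__main__":
    for url, category in audit(SAMPLE_CRAWL):
        print(f"{category}: {url}")
```

Each finding is a page to remove, restrict or fix before a search engine indexes it.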
Preventing Google hacking attacks
Remove all pages identified by Google hacking queries