Google Hacking

Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. Although Google blocks some of the better known Google hacking queries, nothing stops a hacker from crawling your site and launching the Google Hacking Database queries directly onto the crawled content.
What a Hacker can do if your Website is Vulnerable
Information that the Google Hacking Database identifies:

• Advisories and server vulnerabilities
• Error messages that contain too much information
• Files containing passwords
• Sensitive directories
• Pages containing logon portals
• Pages containing network or vulnerability data such as firewall logs.

How to Check for Google Hacking Vulnerabilities
The easiest way to check whether your web site & applications have Google hacking vulnerabilities, is to use a Web Vulnerability Scanner. A Web Vulnerability Scanner scans your entire website and automatically checks for pages that are identified by Google hacking queries. (Note: Your web vulnerability scanner must be able to launch Google hacking queries).
Acunetix Web Vulnerability Scanner includes an offline copy of the Google Hacking Database (GHDB), allowing to identify pages which can be exploited using search engines.
Preventing Google Hacking Attacks
Verify the all pages identified by Google hacking queries. Since these pages generally provide information which should not be found on your web site, you should generally remove such pages from your site. If these pages are required by your site, arrange the page so that it is not indexed by search engines and arrange the wording so that it is not  easy to detect by Google hacking queries.

some of this information was taken from this site: http://www.acunetix.com

Three steps that protect web sites from hackers

You’ve worked hard on your website – so take the time to protect it by implementing basic hacking protections!
In addition to regularly backing up your files (which you should already be doing), use the following three easy steps will help to keep your website safe:

1.make sure any platforms or scripts you’ve installed are up-to-date.  Because many of these tools are created as open-source software programs, their code is easily available – both to good-intentioned developers and malicious hackers.  Hackers can pour over this code, looking for security loopholes that allow them to take control of your website by exploiting known platform and script weaknesses


2. One more important rule is to have a strong password that hackers cannot guess easily
Making sure that passwords are harder to guess will strengthen your site.

3. Change your passwords frequently.

What is the Difference Between Web Design and Web Development

Many people use the two terms “web design” and “web development” interchangeably, but they really do have two different meanings. If you’re looking for a new job or someone to build your website, you need to know the difference

Web Design

Web design is the customer-facing part of the website. A web designer is concerned with how a site looks and how the customers interact with it. Good web designers know how to put together the principles of design to create a site that looks great. They also understand about usability and how to create a site that customers want to navigate around in because it’s so easy to do.

Web Development

Web development is the back-end of the website, the programming and interactions on the pages. A web developer focuses on how a site works and how the customers get things done on it. Good web developers know how to program CGI and scripts like PHP They understand about how web forms work and can keep a site running effectively.

Steps that protect web sites from hackers

You’ve worked hard on your website – so take the time to protect it by implementing basic hacking protections!
In addition to regularly backing up your files (which you should already be doing), use the following three easy steps will help to keep your website safe:

Make sure any platforms or scripts you’ve installed are up-to-date.  Because many of these tools are created as open-source software programs, their code is easily available – both to good-intentioned developers and malicious hackers.  Hackers can pour over this code, looking for security loopholes that allow them to take control of your website by exploiting known platform and script weaknesses
2 If you’re running a WordPress website, you’ll want to look into free plugins like Better WP Security and Bulletproof Security.

Why do peaple hack web sites

There are a few reasons why people would hack a website:

1. Links back to their website
2. Links to another website (paid for links)
3. Hijacking your websites traffic
4. Inject content onto your website
5. Gain access to paid for items
6. Gain all registered users email addresses

And of course, just for fun.

How to prevent your website from being hacked

Have you ever worried about the security of your WordPress website?
What  precautions have you taken to stop people hacking your website?
We all know that  life can become far more stressful if the website was to get broken into.
Not only would you have to figure out how they did it, but you would have to repair all the damage!
 I will explain how you can take steps to stop a hacker from breaking into your website
n most cases, the people that are trying to break into your website are actually not people, they are robots.
These bots are set up to trawl the internet for admin screens and try to log into them.
The most basic of these bots will go to your login screen, set the username to admin and try some of the most common passwords:

• password
• password123
• hello
• hello123
• qwerty
• qwertyuiop
• your name
• company name

Some slightly more advanced robots will add a couple of steps in before they get to the login screen.
First they will crawl the pages www.your-domain.com/author/1, / up to /author/9.
If these pages don’t return a 404 error (page not found), then there is an author set in the database.
They simply take the first name of that author, and try those common passwords with the username set to their first name.
The final (common) method for gaining access to your admin, is by trying to access a file that is known to have issues.More on safe hacking on next Blog
.

SQL injection

From Wikipedia, the free encyclopedia

Jump to: navigation, search

SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).^[1] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

A Classification of SQL injection attacking vector until 2010.

In a 2012 study, security company Imperva observed that the average web application received 4 attack campaigns per month, and retailers received twice as many attacks as other industries.^[2]

2 million Facebook, Gmail and Twitter passwords stolen in massive hack ...

NEW YORK (CNNMoney)

Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.

Data breach was a result of key-logging software maliciously installed on a number of computers around the world, researchers at cyber security firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

On Nov. 24, Trustwave researchers tracked that server, located in the Netherlands. They discovered compromised credentials for more than 93,000 websites.This sort of hacking continues to happen on a daily bases.Hackers attack your data base by using sql injections to figure out your password, banking information etc.What can we do about it?The best advice that I can give you is to change your password every month or
two.Don't use the same password for all your accounts.This makes it too easy for hackers to get all of your information.My next post I will talk about what sql injections are.

Some of this information was taken from this web site: money.cnn.com/