What a Hacker can do if your Website is Vulnerable
Information that the Google Hacking Database identifies:
- Advisories and server vulnerabilities
- Error messages that contain too much information
- Files containing passwords
- Sensitive directories
- Pages containing logon portals
- Pages containing network or vulnerability data such as firewall logs.
The easiest way to check whether your web site & applications have Google hacking vulnerabilities, is to use a Web Vulnerability Scanner. A Web Vulnerability Scanner scans your entire website and automatically checks for pages that are identified by Google hacking queries. (Note: Your web vulnerability scanner must be able to launch Google hacking queries).
Acunetix Web Vulnerability Scanner includes an offline copy of the Google Hacking Database (GHDB), allowing to identify pages which can be exploited using search engines.
Preventing Google Hacking Attacks
Verify the all pages identified by Google hacking queries. Since these pages generally provide information which should not be found on your web site, you should generally remove such pages from your site. If these pages are required by your site, arrange the page so that it is not indexed by search engines and arrange the wording so that it is not easy to detect by Google hacking queries.
some of this information was taken from this site: http://www.acunetix.com
No comments:
Post a Comment