Googling Your Company Secrets

Google & Your Website - A Blind Alliance

Assume you have a website "onlineshopperdotcom", and when you search for it on Google with the keywords "online shopper website" you get a sneak peek at the page results of your website and other websites related to your keyword. This is quite normal, as we all want our websites searched and indexed by Google. It is pretty common for all e-commerce websites.

A. Your website "onlineshopperdotcom" is directly allied with Google.

B. Your website & your web server (where you have all usernames & passwords saved) are directly allied with each other.

C. Alarmingly, Google is indirectly allied with your web server.

You might be convinced that this is normal and may not expect a phishing attack using Google to retrieve any information from your web server. Now, on second thought, instead of searching "online shopper website" on Google, what if I search "online shopper website usernames and passwords"? Will Google be able to provide the list of usernames and passwords for the online shopper website? As a security consultant, the answer will be "maybe, sometimes!", but if you use Google dorks (the right keywords for accessing Google), the answer will be a big "yes!" if your website ends up with misplaced security configurations.

Google Dorks can be intimidating.

Google comes across as a serving guardian until you notice the other side of it. Google may have answers to all of your queries, but you need to frame your questions properly, and that's where Google dorks come in. It's not a complex piece of software to install, execute and wait on for results; instead it is a combination of keywords (intitle, inurl, site, intext, allinurl and so on) with which you can access Google to get exactly what you are after.


For instance, if your objective is to download PDF files related to Java, the normal Google search might be "java pdf document free download" (free is a mandatory keyword without which any Google search is not complete). But when you use Google dorks, your search will be "filetype:pdf intext:java". With these keywords, Google will know more precisely what you're looking for than with your previous search. You will also get more accurate results. That seems promising for an effective Google search.

However, attackers can use those keyword searches for a completely different purpose - to steal/extract information from your website/server. Now assuming I need usernames and passwords which are cached in servers, I can use a simple query like this: "filetype:xls passwords site:in". This gives you Google results of cached contents from different websites in India which have usernames and passwords saved in them. It is as simple as that. With regard to the online shopper website, if I use a query "filetype:xls passwords inurl:onlineshopper.com" the results may dismay everyone. In simple terms, your private or sensitive data can be available on the internet, not because someone hacked your data but because Google was able to retrieve it free of cost.

How to prevent this?

The file named "robots.txt" is read by web robots (also known as wanderers, crawlers or spiders), which are programs that traverse the web automatically. Many search engines like Google, Bing, and Yahoo use robots.txt when they scan websites and extract information.

Robots.txt is a file that tells search engines what to access & what not to access on the website. It is a kind of control you have over search engines. Configuring against Google dorks is not rocket science; you need to understand which information is to be allowed and not allowed in search engines. A sample configuration of robots.txt will look like this.

    # Rules only take effect inside a User-agent group
    User-agent: *
    Allow: /website-contents
    Disallow: /consumer-details
    Disallow: /admin-details

Sadly, these robots.txt configurations are often overlooked or configured inappropriately by website designers. Shockingly, most of the government & college websites in India are vulnerable to this attack, revealing all sensitive information about their websites. With malware, remote attacks, botnets & other types of high-end threats flooding the internet, Google dorks may be more threatening, since all they require is a working internet connection on any device to retrieve sensitive data. This does not stop with retrieving sensitive information alone; using Google dorks, anyone can access vulnerable CCTV cameras, modems, mail usernames, passwords and online order information just by searching Google.
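A self-audit for the misconfiguration described above, as an added example that is not part of the original article: it runs the sample rules through Python's standard-library robots.txt parser and lists which sensitive-looking files a crawler may still fetch. The site paths, the extension and keyword lists and the function names are assumptions made for the illustration.

```python
from urllib.robotparser import RobotFileParser

# The article's sample rules, preceded by the User-agent line a parser needs.
ROBOTS_TXT = """\
User-agent: *
Allow: /website-contents
Disallow: /consumer-details
Disallow: /admin-details
"""

# Constructed inventory of paths on a hypothetical site (not real data).
SITE_PATHS = [
    "/website-contents/catalogue.html",
    "/consumer-details/accounts.xls",
    "/admin-details/passwords.xls",
    "/backup/passwords.xls",
    "/exports/orders-2019.csv",
]

# Assumed markers of files the article's "filetype:xls passwords" query finds.
RISKY_EXTENSIONS = (".xls", ".xlsx", ".csv", ".sql", ".bak")
RISKY_WORDS = ("password", "account", "order")


def looks_sensitive(path):
    """True if the file type or name suggests credentials or customer data."""
    lower = path.lower()
    return lower.endswith(RISKY_EXTENSIONS) or any(w in lower for w in RISKY_WORDS)


def crawlable_sensitive_paths(robots_txt, paths, agent="Googlebot"):
    """Sensitive-looking paths that robots.txt leaves open to the crawler."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [p for p in paths if looks_sensitive(p) and parser.can_fetch(agent, p)]


def rules_without_user_agent(robots_txt):
    """Same rules with the User-agent line dropped (bare Allow/Disallow lines)."""
    return "\n".join(line for line in robots_txt.splitlines()
                     if not line.lower().startswith("user-agent"))


if __name__ == "__main__":
    print("open to crawlers:", crawlable_sensitive_paths(ROBOTS_TXT, SITE_PATHS))
    broken = rules_without_user_agent(ROBOTS_TXT)
    print("without User-agent:", crawlable_sensitive_paths(broken, SITE_PATHS))
```

With the User-agent line missing, this parser ignores every rule and all four sensitive files become fetchable. robots.txt is itself publicly readable and only asks compliant crawlers to stay away, so files flagged here belong behind authentication or off the web server rather than only in a Disallow line.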

Sankarraj Subramanian is a renowned speaker & lead information security consultant working extensively on cybersecurity & penetration testing.
