Hello all! In This Thread I'll Share with you some important way to protect protect your website against hacker: At first Time You will open : www.google.com ** Now You Will Check If Your Website Will not be shown In This Search Results !!!! What I'll search in Google ? * You Will Search This Terms : 1) "index of" (private | privat | secure | geheim | gizli) site:youwebsitename.com (Conedential directories and files can be revealed with the following query) 2) "create table" "insert into" "pass|passwd|password" (ext:sql |ext:dump | ext:dmp | ext:txt) site:youwebsitename.com (Username and password pairs can be searched within sql dump files) 3) intitle:"index of" inurl:/backup site:youwebsitename.com (Backup directories can contain also some sensitive data about users, organi- zations, companies, etc.) 4) intitle:"Index of" .mysql_history site:youwebsitename.com (The .mysql_history file contains commands that were performed against a mysql database. A "history" of said commands. First, you shouldn't show this file to anyone, especially not a MAJOR SEARCH ENGINE! Secondly, I sure hope you wouldn't type anything sensitive while interacting with your databases, like oh say USERNAMES AND PASSWORDS...) 5) allinurl:"/*/_vti_pvt/" | allinurl:"/*/_vti_cnf/" site:youwebsitename.com (Frontpage extensions for Unix ...) 6) And Many Other Queries Can Be used By Hackers, To Get Access Into Your Website !!! Please Rate This Post !!! We Will Give You After Posting , Some Solutions To Protect Your Website Against Hackers !!! Thank's Best Regards Chemouri.
Call me slow, but I never knew there were that many ways to steal from others who put all there time and effort into online marketing. Thanks for the info.
Hello All! Here We Try as Possible To Help and Share Ideas and Experiences , This Post is About , Helping Webmasters To Protect their Websites and Close vulnerable Holes in their Websites !!! Thank You For Sharing Experiences Here !!!
Or you can check your site without google... it's pretty much common sense. .htaccess is your friend protect your directories with passwords, removing php_flags from upload directories adding an empty index.html file... etc. Scan your site for sql injection vulnerabilities.... Look at your error logs and look at your access logs find any suspicious activity? Etc so many ppl have their stats dir unprotected yet so easy to just secure the directory with a password..
Hello! Thank You " 007c " , For This Ideas !!! That All !!!! Any More Way To Protect Your Website !!! Where is Expert Webmaster , plz Share Your experience With Us ????
If you want to play around with more Google hacking (that's what they call it when you use Google to search for vulnerable sites.) then you would be best off visiting the Google Hacking DataBase. Of course, this isn't a thorough way to protect your site but it sure would be embarrassing to find that Google indexed an old SQL database dump that you left in your backups folder inside your webroot. Plus... it's fun to lauch at all the webmasters who do end up getting their /etc/passwd file indexed.
Quite frankly, many of these google dorks are entirely useless if the website doesn't have a password file indexed on google. And the _vti_pvt is for Frontpage . . . this is EXTREMELY old, and I doubt it will come in much use now. Anyway, if you're running a website using frontpage . . . it probably isn't even worth the attackers time. I think you have more important things to worry about than a high school kid browsing google. For instance people who know what they are doing and have access to a multitude of 0days.
SQL injection vulnerabilites are definitely what you be on the lookout for. I work for a webhosting company and most of the time, that's how sites are compromised. If you write code, always validate any code that a user enters, to verify that it matches the input you expect, and if you use a content management system, make sure you are at the latest version. Here's a descent article on how SQL injection works. http://www.governmentsecurity.org/articles/SQLInjectionModesofAttackDefenceandWhyItMatters.php
It Was Very Intreresting Thank You For Such An Educative Post I Dont Even Lnow About This Its A Serious Security Hole. Thanks I Will Try Prevent Hackers From My Site
Seriously, are you really pretending to show people how to protect themselves by showing a few Google queries ? Do you really think that these queries will help you auditing your website ? On a security point of view, this thread is a big scam. You are creating false beliefs about security. Are you just trying to post a catchy title to get visits on your thread to take advantage of the Shared Ad Revenue system ? I should calm down, that sort of thread makes me freak out.
Hello! Thank you USKI! First I tell that don't know anything about DP Shared Ad Revenue system! For Google queries , its very very Interested and serious ; Why ? , I'll Tell Per Exemple some days ago I've used this query in Google : Account info intext:"statcounter" filetype:txt in the 4th resutlt : Triad Mobile Werks ... - [ Traduire cette page ] ... ************************************************** Statcounter http://www.statcounter.com Account ID: 1239515 Username: ... triadmobilewerks.com/Account%20Info.txt - 1k - En cache - Pages similaires The File : account info.txt contain serios information like Ftp Password , Website Password .... ; and ther is more holes that can be found by google queries ! and Know that I'm a Hacker Too , and I try To Help People Here , Finaly I want to ask you about DP Shared Ad Revenue system ???
What you find on google is only representative of a small number of websites. It's very unlikely that you will find your exact site using one of these good dorks. Honestly, there are much better ways to secure a website. This is simply a waste of time. A hacker could figure it out for themselves