How Hackers Are Using Google To Pwn Your Site

Jeremy Schoemaker tracked down a hacker by making good use of logs:

So now here is where it gets interesting…. Now that I had figured out how the person was hacking into my box I was curious how in the hell the person found the file. It was in a subdirectory that I had not used in YEARS. There was no link to it from anywhere on my site. The directory structure it was in was like … html/oldforums/oldstuff/badfile.php . How in the hell did this person find this file? Well after going through the logs greping for the ip range that hacked my box I found that the person found my site from Google! Specifically using Google code search. Now while this was interesting it still did not explain how the page was even indexed…. ohh wait I use Google Sitemaps and I had it on to index everything the default setting OUPS!!

Which is a good reminder of Step One to Security: Change the defaults, ASAP.

via How Hackers Are Using Google To Pwn Your Site.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

nerdherd.com

Helping You Get Started in Cybersecurity

How Hackers Are Using Google To Pwn Your Site

Leave a Reply Cancel reply

Share this:

Like this:

Related

Leave a Reply Cancel reply