• The Googlehacking blacklist will be back

    So we will restart the Google hacking blacklist. It is more or less the only thing we can do in Belgium because anyone can find this information with nothing more than some Google tricks and that information is available to anyone. It is public. We didn't even touch the computer, scan something or do something. If you wanna sue someone, sue Google. There is no reason why they gives answers to sometimes such very typical googlehacks. Some are already blocked, but it is very strange why so many others that are very clearly vulnerability searches are still possible.

    You can follow the RSS feed here. There are for the moment 250+ .be sites in it although most are from the first Googlehacking campaign in may from this year. As nobody seemed to care, we just stopped and did other things. Now that De Standaard has published this article, it maybe more interesting.  RSS feed

    Google yourself before we do and publish it....

  • Google Hacking Belgian Sites : some practical tips

    The book to read (you can get it in the amazon club next to here)

    dutch, vlaams Mijn allereerste artikel over Google Hacking

    * what we already found before

    * Who is working at the callcenter of the Flemish Administration ?

    * check out if you are a spammer or blacklisted

    * check out if Google found the files you have on your server. This was a test with exell files and emailadresses. We have seen that the problemsites have taken the files away. You can test this with whatever filetype. If you have for example confidential word documents you do filetype:doc and so on

    * check out if your logfiles are available. The less information that you give, the better. So keep your logfiles and errorfiles private at all times.

    * Find the links to your PC (the local folder on your pc where you keep your files) so a virus can be written to attack exactly that folder

    * Find still 200 IIS 5 servers (we are at 6 or better 7 now) in .be today

    * Find technical information about the servers (change or delete that) and error messages

  • First steps to do before google hacking your site

    The first thing you have to do is to set up a Google account for webmasters. If you make yourself member of Google than you can use the procedure to delete or change the cache or certain links in the Google results about your site. As long as you don't do that the Google index and cache will continue to show you the hacked pages of your site.

    The second thing you have to do is to set up a robot.txt page. This robot.txt page tells Google which part of the website can be indexed and which not. You have to be careful although. Making this robot.txt page too obvious will make a Google search for such files like a discovery tour without any resistance.

    The third thing you have to do is to change the banners of your hardware and software installations. You don't have to show in Google which version of software you are running so Google can show and tools can download all the sites that are vulnerable for a certain new (unpatched?) vulnerability. Also you should change all error pages and error handling to a general 404 page or to your homepage. Technical and errorinformation is not for your readers it is for your administrators.

    The fourth thing you have to do is to place a security page on your website. The security page is a page in which you publish the technical contact for security questions, your privacy declarations and regulations and a responsable disclosure policy. In that policy you say that you want to work with people who have found vulnerabilities or problems and that if they aren't exploited and published you won't prosecute and that you will fix these problems together and attribute them if they want to and the operation is successful. Write also that you will complain against commercial enterprises that do vulnerability research and afterward want to sell a product and that those DO NOT fall under this responsable disclosure policy.

    and last but not least, you should do this often just to be sure

    And than you can start GOOGLE hacking .... to be continued