What is Google Dorking and How Can It Be Used to Find Security Holes on Your Site? What exactly do these Google Dorks do?
Did you know that Google is a hacking tool? It’s not a new concept, but your website could be advertising its own vulnerabilities on Google’s search engine. The term is called “Google Dorking,” and the process of finding vulnerable web servers through the search engine is easier than you think.
Schedule A Consultation With Ballen BrandsHow it Works
One aspect of good web programming is returning user-friendly errors. If your application doesn’t catch coding bugs, the web server returns error details in the browser. In some cases, the error details contain user names, passwords, and database specifics that you don’t want visitors to see. Most users bounce from a website that serves errors, but not Google. Googlebot is just a crawler meant to scan the web for content, index it, and then present results to searchers. If your web server returns errors from coding bugs, Google indexes the content of these errors, which could mean that sensitive login information is indexed. The result is that your web server provides searchable content that can be used to hack your website.
Related Article: How to Search Engine Optimize a Blog Post
Google Dorking refers to the process of using common error phrases that relate to a specific response code generated by a programming language. For instance, your PHP application might have the wrong database user name and password stored in your backend code. PHP returns a specific database login error that must be handled when coding an application.”Handling” an error refers to trapping it and sending a user-friendly response back to the browser. If you don’t handle the error, the database login credentials are returned to the browser. When Googlebot visits your pages, it sees the PHP errors and indexes the content. This content is then available to anyone who knows what PHP phrases to search for.
Related Article: How to do Keyword Research for your Content marketing
The 2015 SEO Report – Get your website or Blog appearing at the top of the search engines
Sample Queries
To understand how Google Dorking works, you need to understand how an error is reported and indexed in Google. When you have errors in your code, most web servers detect the error and return a code on the screen. With most servers and languages, you can choose to hide these errors and only report them to web server logs. This is the safest way to report bugs in the backend, but coders often suppress these configurations and force the server to display errors in the browser to make it easier to find bugs in web page code. When the code is uploaded to a web server, coders are supposed to change configurations to hide specific bugs from the general public. When coders don’t suppress errors from displaying, it gives hackers a tip or an advantage of identifying problems on your site.
Related Article: Google Update – Two main Content Penalties and How to Reserve Them
Google has a number of advanced search options. The three most commonly used in Google Dorking are “site,” “intext,” and “inurl.” Used in combination, hackers can find errors displayed to users for a number of sites or just yours. Error codes give hackers clues to specific malware installed on the server or possible security holes installed on the site. These security issues can be the fault of the coder or the web host, but you need to identify them on your site before you can determine a fix.
For instance, the following search query can be used to find passwords:
“inurl:ws_ftp.ini “[WS_FTP]” filetype:ini”
Copy and paste this query into Google and you’ll see a number of websites that inadvertently display FTP passwords to the general public including hackers. With the user name and password exposed, hackers can then log in to your FTP server without actually performing any malicious attacks on your server.
You can also use Google Dorking to display user names for database connections. Copy and paste the following search query into Google:
“Warning: mysql_connect(): Access denied for user: ‘@” “on line” -help -forum”
Notice a number of sites come up (hundreds of thousands). The above warning displays when a user tries to log in to MySQL. The failed attempt is then displayed on the web page. The advantage for hackers is that they now know the user name used to log in to MySQL. They can then use freely downloaded scripts to attempt to brute force the password. Brute force is a type of hacking where a list of dictionary terms are seeded into a program that then tries to log in to a system by guessing the password using each word. Brute forcing a password is why you should avoid using dictionary words or phrases to comprise your password. Always use a combination of letters, numbers and special characters.
Related Article: What is Pogo-Sticking and How does it Hurt your SEO and Rankings?
What You Can Do to Protect Your Website
Both Apache and Microsoft IIS have configurations you can use to suppress error messages. You should always suppress errors from showing up on your web pages and keep them in secured logs only. IIS has a friendly error message page that displays an error without giving any error details to the user. When website errors occur, you then check your web server logs to find the exact line of code and error causing the failure. This type of setup is much safer than displaying error messages in the browser. The sample queries given are for PHP, but Google Dorking also works for Microsoft .NET pages.
The next safeguard is to regularly check your site for errors. Your server should have error logs that are only available to you or your website administrator. One issue with website administration is keeping error logs secure. Make sure your error logs are properly secured and don’t have public access permissions. Using the example queries above, you’ll notice that some of the pages returned are plain text log files on the web server. This is a security hole for any website.
Penetration testing is another option for site owners. Penetration testing is usually performed by an expert, but you can also download the same scripts that hackers use to brute force your login pages. Google Dorking databases are freely available on the web. When you run queries, use the site operator to limit results to only your website. This helps you find error codes displayed from your web pages only, so you can clean up security holes you find through Google. Penetration testing is a difficult process that should be handled by a professional if you don’t understand code or hacking.
Finally, always keep pre-packaged software upgraded, especially WordPress and its plugins. WordPress is probably the most commonly hacked system, because plugin programmers don’t need to test code for hacks before uploading them to the WordPress public repository. Good plugin programmers ensure their code is protected from common hacks such as SQL injection, but it’s not a requirement from WordPress administrators. You should also stick to plugins where developers regularly update the code to secure them from the latest hack techniques.
Running a website is more than just uploading code. You must always check your site for any issues and frequently check for coding mistakes that could lead to your customer and internal data being exposed to hackers. Use Google Dorking to search your own pages for vulnerabilities before hackers find them.
