Google is considered a powerful search engine that helps millions of users find useful webpages quickly and easily. Nevertheless, Google Search can also be a handy tool in the hands of malicious users, spammers and hackers.
In this article we will describe a few tricks that can be used in Google Search to easily find and access pages that normally should be protected. At the end of the article we will discuss how webmasters can protect their sites from such attacks.
Important Notice: The purpose of this article is to inform webmasters about the risks they face and help them secure their websites. If you use this article’s content for anything other than educational purposes, the author of this site is not responsible for your actions or anything as a result of your actions.
How to Access Member Only Areas
Many forums restrict access to some or all of their threads to members only. Others hide important parts of the page, such as links and images, from unregistered users.
Nevertheless, in some cases the webmasters of those forums allow Google to index the secured pages so that they appear in the search results and increase their search engine traffic.
In some of those cases if the page is already indexed by Google you can overcome this limitation by using the “cache:” operator. What you need to do is search on Google for the following term cache:Locked_URL. Example: cache:http://www.example.com/some_locked_thread.php?id=2323
If the cache operator is not available try searching for the URL address. If it is a non HTML file you can also try the View as HTML or the Quick View Google features.
How to Access and Download Restricted Files
There are cases where PDF, DOC or similar files are accessible only to members and paid users. Nevertheless, this limitation is very easy to overcome if you know a short sentence from the document and can find an unprotected version of the file elsewhere.
Try searching for this small sentence on Google by including it in double quotes. Example: “and as a result the SEO is the”
The less important this sentence is, the more targeted the results will be and thus the better for you. Generally you should avoid searching for Titles because they are used more often as a reference by irrelevant pages.
If you know only the title of the document, you can search for it by using the intitle and the filetype operators. Example:
intitle:"The PageRank Citation Ranking" filetype:pdf
If you don't find the unprotected version right away, you can use the text that appears in the snippets as the short sentence. If the sentence is not long enough, try guessing keywords and phrases that appear in the text in order to get a more descriptive snippet.
How to Access Unprotected Internet Webcams
If a webcam is not configured properly, it can be accessed over the web by anyone without a username and password. The worst case scenario is not only to have it unprotected but also to have it indexed in Google. If this is the case, by using particular search queries you can find those pages and spy on their owners. Here are some example queries:
intitle:”Live View / – AXIS” | inurl:view/view.shtml^
If you are interested there is a great article called “Hack to Search and View Free Live Webcam with Google Search” where you can read more about this topic.
How to Protect Your Website and Your Privacy
There is a very basic and easy to remember rule that can help you protect your website and your privacy from such attacks. Make sure you block Google from all content that should not be indexed. Also make sure you restrict those pages with a username and password. This can be done easily by using your .htaccess file or by protecting the member area with a PHP or a similar script.
Make sure you restrict access to, and direct downloads of, sensitive files. My suggestion is to store them in a folder that is not accessible from the web, or in a database, and then use a PHP or other script to decide whether or not to allow access to the file.
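One way to implement the download gate described above, as an added example that is not the author's code. It assumes a hypothetical download.php, a private folder outside the document root, a session variable user_id set by your own login code, and made-up file ids.

```php
<?php
// download.php: added example, not code from the article. Assumptions:
// files sit in /var/www/private_files (outside the document root), the login
// code sets $_SESSION['user_id'], and the file ids below are hypothetical.
declare(strict_types=1);

const PRIVATE_DIR = '/var/www/private_files'; // no URL maps to this folder

// Allow-list of public id => name on disk, so request input never becomes a path.
const FILES = [
    'report-2023' => 'report-2023.pdf',
    'handbook'    => 'member-handbook.pdf',
];

/** Returns [HTTP status, absolute path or null] for one request. */
function decide_download(?int $userId, string $fileId): array
{
    if ($userId === null) {
        return [403, null]; // anonymous visitors and crawlers alike stop here
    }
    if (!array_key_exists($fileId, FILES)) {
        return [404, null];
    }
    $path = PRIVATE_DIR . '/' . FILES[$fileId];
    return is_file($path) ? [200, $path] : [404, null];
}

session_start();
$userId = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
$fileId = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
[$status, $path] = decide_download($userId, $fileId);

// Ask search engines not to index or keep a cached copy of any response.
header('X-Robots-Tag: noindex, noarchive');
header('Cache-Control: private, no-store');

if ($status !== 200) {
    http_response_code($status);
    exit($status === 403 ? 'Login required.' : 'File not found.');
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The script makes no exception for search engine crawlers, so a member-only file never reaches the index or the cache in the first place.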
Some basic security tips:
- Secure your webcams by requiring authentication.
- Don't place sensitive information on the web.
- Use strong passwords and change them regularly.
- Remember to update your servers and patch your software regularly.