Hackers love search engines
by Darren
June 27, 2006 – 7:15 amI know most people love search engines, and hackers are no exception. They use search engines to make nice lists of targets. This is quite a common thing, with signatures from certain websites targeted:
“Search engines crawl sites, and some information that you don’t want exposed is also exposed because of lack of knowledge of what is on the systems,” Bhalla explained.
The more information that is left publicly accessible on the web server, the more vulnerable the website is to attack. It’s probably true that many people would never even think of something as subtle as how much info the crawlers have made available about your website.
The best part for a hacker using a search engine to find victims is that they can go unnoticed. They aren’t scanning ports or doing anything intrusive enough to set off detection traps. They can quickly find machines that are vulnerable, while raising few suspicions.
Bhalla also pointed out using a robots.txt might help, but:
- It can be read by a human
- Certain crawlers don’t follow it, so you aren’t protected
Awareness of the situation is half the battle.
Subscribe to RSS Feed
Subscribe to Updates via Email
Sorry, comments for this entry are closed at this time.