I was talking to a friend the other day who was getting quite paranoid over the fact that I could formulate special Google queries and possibly expose sensitive data on her website. But in the interest of security, let me throw out a couple of examples of “Google Hacks” that can be employed by malicious internet surfers to get your sensitive data! These are not new. These are well known (as well known goes). I am not putting new information out there. Hackers already know this. But the best offense for you and your site is a good defense.
- Find a commonly named cdkey.txt file that many people use: allinurl:cdkey.txt
- Find SQL passwords. Users might back up their databases to their webspace using the standard .sql file extension. Because these files are plain text, Google can discover them using the following query: filetype:sql +"IDENTIFIED BY" -cvs
- If you use FileZilla to create backups of your website, you’re likely vulnerable to this one: inurl:filezilla.xml -cvs
These are examples of literally hundreds of potentially deadly Google hacks. Johnny at ihackstuff.com has them all, with more added all the time.
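To check your own site for the three kinds of file listed above, the following added example (not part of the original post) walks a local copy of the web root and reports any cdkey.txt, filezilla.xml, or .sql dump it finds, noting whether a dump contains an IDENTIFIED BY clause. The function names and the sample files are assumptions made for illustration; it also reports .sql dumps without that clause, which goes slightly beyond the query in the post.

```python
import os
import tempfile

def sql_has_credentials(path):
    """True if a .sql dump contains an IDENTIFIED BY clause (a stored password)."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return any("IDENTIFIED BY" in line.upper() for line in fh)

def audit_webroot(root):
    """Walk a document root and report files the post's three queries would match."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            lower = name.lower()
            if lower == "cdkey.txt":
                findings.append((rel, "CD key file"))
            elif lower == "filezilla.xml":
                findings.append((rel, "FileZilla configuration file"))
            elif lower.endswith(".sql"):
                reason = ("SQL dump with IDENTIFIED BY credentials"
                          if sql_has_credentials(path) else "SQL dump")
                findings.append((rel, reason))
    return sorted(findings)

def demo():
    """Build a constructed sample web root in a temp directory and audit it."""
    sample = {  # constructed sample files, not real data
        "index.html": "<html></html>",
        "downloads/cdkey.txt": "XXXX-XXXX-XXXX",
        "backup/site.sql": "GRANT ALL ON shop.* TO 'web'@'localhost' IDENTIFIED BY 'example';",
        "backup/schema.sql": "CREATE TABLE t (id INT);",
        "old/FileZilla.xml": "<FileZilla3></FileZilla3>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        return audit_webroot(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Anything it reports should be moved out of the publicly served directory or deleted, since a file a crawler can fetch is a file a search engine can index.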
