Protection of Web Servers from Google Hackers?

Google Hacking is “a computer hacking technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites use.”  The following query will locate all websites that have the words “admbook” and “version” in the title of the website. It also checks to ensure that the web page being accessed is a PHP.

intitle:admbook intitle:version filetype:php

This is how the Wikipedia defines Google Hacking. Even though Google provides so many advanced parameters likes intitle,index of to speed up our search results, but at the same time organizations are now worried about their privacy contents in their web servers exposed by these Google Hacking. Read here for more Google Hacking tips .

So how to protect Web Servers from Google Hackers?

1. Include robots.txt in Web directory.
The method is to create a file on the server which says Google bots about access rights to scrawl the website.  A simple robots file is already discussed here Prevent Google Robots using robots.txt file

2. Do not keep Confidential documents.
Web masters must ensure that no confidential documents are placed in Web Servers. Frequent auditing of Web Server contents would help to ensure and prevent Google Hacking.

3. Hack your Webserver as Google Hacker do.
Using Google parameters, you can yourself audit your webserver and ensure the level of your web server security. There are also automatic tools available say SiteDigger and Gooscan to test and speed up your work.

Leave a Reply