Go Back   vb.org Archive > Community Central > Community Lounge
Reload this Page How to avoid people hacking your site with the help of GOOGLE
FAQ Members List Calendar Search Today's Posts Mark Forums Read
  #1  
Old 08-01-2005, 05:32 PM
yoyoyoyo's Avatar
yoyoyoyo yoyoyoyo is offline
 
Join Date: Dec 2004
Location: USA
Posts: 1,612
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default How to avoid people hacking your site with the help of GOOGLE
Code:
http://johnny.ihackstuff.com/index.php?module=prodreviews
This link is not put here as a means to teach you how to compromise anyone else's website- it is presented here in hopes that you will keep your site more secure, and avoid some of the traps listed on that site.

SEE BELOW (POST # 7 IN THIS THREAD) FOR TOOLS TO HELP COUNTER THESE TYPE OF HACKERS
Reply With Quote
  #2  
Old 08-01-2005, 08:24 PM
AN-net's Avatar
AN-net AN-net is offline
 
Join Date: Dec 2003
Location: AnimationTalk.com
Posts: 2,367
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
maybe sending this to the dev's at vb.com would be better>_> so they can plug wholes within the software instead of helping roaming hackers find a good resource to do some hacking on others sites.
Reply With Quote
  #3  
Old 08-01-2005, 08:30 PM
yoyoyoyo's Avatar
yoyoyoyo yoyoyoyo is offline
 
Join Date: Dec 2004
Location: USA
Posts: 1,612
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by AN-net
maybe sending this to the dev's at vb.com would be better>_> so they can plug wholes within the software instead of helping roaming hackers find a good resource to do some hacking on others sites.
I will forward it to them as well, but I see no reason to deny anyone any knowledge, especially if they can use it to protect themselves.

KNOWLEDGE IS POWER

If the hackers know how to do stuff like that, then website owners should also know what they are capable of, and how to counter it. I don't think that anyone here wants to end up on their page of example sites.

EDIT: I changed the link to a URL within code tags, to avoid unlicensed people from seeing the link. Anyone who is licensed will only be interested in protecting their site with this info.
Reply With Quote
  #4  
Old 08-02-2005, 03:37 AM
twoseven twoseven is offline
 
Join Date: Jan 2004
Location: in floris' pants
Posts: 226
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
just a note anyone can google that info and come up with a site displaying it
Reply With Quote
  #5  
Old 08-02-2005, 04:09 AM
AN-net's Avatar
AN-net AN-net is offline
 
Join Date: Dec 2003
Location: AnimationTalk.com
Posts: 2,367
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
looking at the queries on google they run, it makes me want to remove my version number from public display
Reply With Quote
  #6  
Old 08-02-2005, 04:41 AM
Brad Brad is offline
 
Join Date: Nov 2001
Posts: 4,765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by AN-net
looking at the queries on google they run, it makes me want to remove my version number from public display
I've been doing this for years now, no point in anyone knowing what version I'm on.
Reply With Quote
  #7  
Old 08-02-2005, 11:22 AM
yoyoyoyo's Avatar
yoyoyoyo yoyoyoyo is offline
 
Join Date: Dec 2004
Location: USA
Posts: 1,612
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Here are tools to help with the fight against these type of hackers:
Code:
http://ghh.sourceforge.net/
Code:
GHH is the reaction to a new type of malicious web traffic: search engine hackers. GHH is a ?Google Hack? honeypot. It is designed to provide reconaissance against attackers that use search engines as a hacking tool against your resources. GHH implements honeypot theory to provide additional security to your web presence. 
     
Google has developed a powerful tool. The search engine that Google has implemented allows for searching on an immense amount of information. The Google index has swelled past 8 billion pages [February 2005] and continues to grow daily. Mirroring the growth of the Google index, the spread of web-based applications such as message boards and remote administrative tools has resulted in an increase in the number of misconfigured and vulnerable web apps available on the Internet.
     
These insecure tools, when combined with the power of a search engine and index which Google provides, results in a convenient attack vector for malicious users. GHH is a tool to combat this threat.

GHH emulates a vulnerable web application by allowing itself to be indexed by search engines. It's hidden from casual page viewers, but is found through the use of a crawler or search engine. It does this through the use of a transparent link which isn't detected by casual browsing but is found when a search engine crawler indexes a site. The transparent link (when well crafted) will reduce false positives and avoid a fingerprint of the honeypot.
             
The honeypot connects to a configuration file, and the configuration file writes to a log file which is chosen during configuration. The log file contains information about the host, including IP address, referral information, and user agent.
             
Using the information gathered in the log file, an administrator can learn more about attackers doing reconnaissance against their site. An administrator can cross reference logs and view a better picture of specific attackers.

GHH can be a minimum of 3 files, including the honeypot, the configuration file, and the log. The transparent link is made into a pre-existing webpage
Reply With Quote
  #8  
Old 08-02-2005, 02:41 PM
AN-net's Avatar
AN-net AN-net is offline
 
Join Date: Dec 2003
Location: AnimationTalk.com
Posts: 2,367
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
cool link but it does seem not to follow all of googles guidelines>_>
Reply With Quote
  #9  
Old 09-13-2005, 05:02 AM
Stachel Stachel is offline
 
Join Date: Jun 2004
Location: US
Posts: 68
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Brad
I've been doing this for years now, no point in anyone knowing what version I'm on.
How ?
Reply With Quote
  #10  
Old 09-13-2005, 05:41 AM
Brad Brad is offline
 
Join Date: Nov 2001
Posts: 4,765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by Stachel
How ?
Edit the phrase 'powered_by_vbulletin' in the admincp, remove this bit of text:

Code:
Version {1}
If you have tourble doing this please post a new thread in the General vBulletin Questions forum as this is not a support forum
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 11:25 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04535 seconds
  • Memory Usage 2,251KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_code
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete