Google Hacking


Introduction:- According to +fravia, you can find any information that has ever been kept on the web in just 13 clicks if you know how to search properly. A search engine is a source for finding information on various topics; it simplifies the process of finding information and helps many people locate the correct information. But just as every coin has two sides, so do search engines. Many users rely on them to reach the plethora of information available on the web, but there are many ways in which this information can be misused. In this article we will look at some basic search techniques, then at how they can be misused and what to do to prevent it.

Basics:- As you probably know, Google, like any other search engine, regularly crawls web pages and adds them to its index. Each search engine has its own proprietary algorithm for ranking the pages it gathers; that is a different topic and we don't need to care about it here. When a user enters a search string, Google shows results ordered by page ranking. Google offers a variety of options that make it easier for users to find the information they need: a user can search for a specific file type, search only the pages of a particular site, or search for picture files only. But these options can be misused, as discussed below:-

1) "site":- This option lets a user search a specific site for keywords. For example, the query string "users site:www.testsite.com" will search the "testsite" site for the word users and show the results.

2) "filetype":- With the help of this option we can search for any particular file type. For example, "password filetype:xls" will search the web for files of type xls.

3) intitle:- Each page on the web contains a title text such as "login" or "add user". With the help of this keyword we can search for pages that contain specific titles, like "this page is generated with nessus".

4) inurl:- This will give the list of all the URLs that contain a specific text. For example, "inurl:secgeek" will give you the list of all the URLs that contain secgeek.

5) allinurl:- If you want to search the URL for multiple words, this keyword can be used. For example, "allinurl:secgeek/testsite" will give the list of all the URLs that contain secgeek or testsite. The "/" will be ignored by Google.

6) link:- This will give the list of all the web pages that contain a link to a specific site. For example, "link:testsite.com" will give the list of all the pages that contain a link to the site testsite.

Some more stuff using Google keywords and string combinations:-
You might be surprised to see how, with a simple combination of certain words, someone can get valuable information about you, your organization, your employees or anything else.

How to protect from it?
It is necessary to protect against this kind of information disclosure. If not handled properly, it can lead to a great deal of information being disclosed from your web server. An administrator must take the necessary steps to prevent this kind of information leakage.
The following guidelines may be useful for securing web servers against such things:-
1) Disable directory browsing on your web server. Otherwise anyone can easily list and view all your filenames in a specific directory.
2) Always use a proper authentication method to prevent information leakage.
3) Apply the necessary access permissions to all the directories and files on your web server.
4) You can remove your site from being listed in Google search. Check the URL www.google.com/remove.html for more.
5) Disable anonymous access on your sites.
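
The guidelines above can be checked from the defender's side by applying the same operators to an inventory of pages on a site you administer. The following is an added example, not code from the original article: the page list, the check list and the function names are constructed for illustration, and the matching is a simplification of how a search engine evaluates these operators.

```python
import shlex
from urllib.parse import urlparse

# Constructed sample inventory (URL, page title) from a crawl of your own site.
PAGES = [
    ("http://www.testsite.com/index.html", "Welcome"),
    ("http://www.testsite.com/backup/", "Index of /backup"),
    ("http://www.testsite.com/docs/password.xls", ""),
    ("http://www.testsite.com/admin/adduser.php", "add user"),
    ("http://www.testsite.com/about.html", "About us"),
]

# Assumed audit checks, each written with the operators described in the article.
CHECKS = {
    "directory browsing enabled": 'intitle:"index of"',
    "spreadsheet reachable": "filetype:xls",
    "admin page reachable": "inurl:admin",
}

def matches(query, url, title):
    """Return True if the page satisfies every term of the operator query."""
    parsed = urlparse(url)
    host, path = (parsed.hostname or "").lower(), parsed.path.lower()
    for term in shlex.split(query):          # keeps "quoted phrases" together
        op, sep, value = term.partition(":")
        value = value.lower()
        if not sep:                          # bare keyword: look in URL and title
            ok = term.lower() in (url + " " + title).lower()
        elif op == "site":
            ok = host == value or host.endswith("." + value)
        elif op == "filetype":
            ok = path.endswith("." + value)
        elif op == "intitle":
            ok = value in title.lower()
        elif op == "inurl":
            ok = value in url.lower()
        else:
            raise ValueError(f"unsupported operator: {op}")
        if not ok:
            return False
    return True

def audit(pages, checks, site):
    """List (finding, url) pairs for pages on `site` that match any check."""
    return [(label, url) for label, query in checks.items()
            for url, title in pages if matches(f"site:{site} {query}", url, title)]

if __name__ == "__main__":
    for label, url in audit(PAGES, CHECKS, "testsite.com"):
        print(f"{label}: {url}")
```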

