According to this document Google can be utilized to attack on your personal web server.
Google can be utilized to hack into websites - actively exploiting them (not information gathering by the use of Google hacking, although that is how most of the sites vulnerable to RFI attacks are found).
By placing a URL on any web page, Google will find it, visit it and then index it. With this mechanism, it is possible to anonymize attacks on third party web sites through Google by the use of its crawler.
Read more at securiteam.com blog... (found via slashdot)
Solution is quite simple put a web server in chrooted jail :D Or use OpenBSD which runs Apache out of box in chrooted jail.
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 2 comments… read them below or add one }
Some example hot to use Google to hack some websites, just for fun:
http://www.google.com/search?q=localhost+site%3A.com%2Fconfig.inc
That was great.. how can i get the ip add?