Using google to attack on your personal web server

Posted on in Categories Apache, lighttpd, Security last updated November 23, 2006

According to this document Google can be utilized to attack on your personal web server.
Google can be utilized to hack into websites – actively exploiting them (not information gathering by the use of Google hacking, although that is how most of the sites vulnerable to RFI attacks are found).

By placing a URL on any web page, Google will find it, visit it and then index it. With this mechanism, it is possible to anonymize attacks on third party web sites through Google by the use of its crawler.

Read more at securiteam.com blog… (found via slashdot)

Solution is quite simple put a web server in chrooted jail 😀 Or use OpenBSD which runs Apache out of box in chrooted jail.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

2 comment

Leave a Comment