Google Code Search used to hack blogs/websites

There was a lot of buzz about Google Code Search among programmers and coders when it launched. There were also announcements from software vendors like vBulletin that copies of their software could be downloaded from the sites of legitimate license holders. All you had to do was search for the software, and every copy of vB that someone had uploaded somewhere on their website could be viewed and even downloaded. This usually happens when people leave a copy of the software on their site without password-protecting the folder where they store it (or keeping the archive out of the web root altogether).

Now the same Google Code Search is being used by hackers to find vulnerable scripts on your site or blog so they can pwn it. Shoemoney has the story:

Now that I had figured out how the person was hacking into my box I was curious how in the hell the person found the file. It was in a subdirectory that I had not used in YEARS. There was no link to it from anywhere on my site. The directory structure it was in was like … html/oldforums/oldstuff/badfile.php . How in the hell did this person find this file? Well, after going through the logs grepping for the IP range that hacked my box, I found that the person found my site from Google! Specifically using Google Code Search. Now while this was interesting it still did not explain how the page was even indexed… oh wait, I use Google Sitemaps and I had it on to index everything (the default setting)…


{complete story: How Hackers Are Using Google To Pwn Your Site}
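
The lesson from both stories above is the same: whatever sits in the web root gets indexed, whether it is a forgotten script in an unlinked subdirectory or a zipped copy of forum software. The script below is an added example, not code from the original post or from Shoemoney, that audits a generated sitemap.xml for entries that should never have been published: URLs outside the directories you actually mean to serve, archive or backup files, and installer or diagnostic scripts. The sample sitemap, the allowlist of published directories, and the flag rules are constructed assumptions for this example.

```python
"""Audit a generated sitemap for URLs that should never have been published.

Added example (not from the original post). The sitemap below is constructed;
the allowed directories and the flag rules are assumptions for the example.
"""
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SITEMAP_NS = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}

# Directories this site is meant to publish (assumption). "/" means files that
# sit directly in the web root, not everything below it.
ALLOWED_PREFIXES = ("/", "/blog/", "/forum/")

# Software copies, dumps and backups that should never be web-reachable.
ARCHIVE_EXTS = (".zip", ".tar", ".tar.gz", ".tgz", ".rar", ".sql", ".bak", ".old")

# Scripts that ship with web applications but should be removed after setup.
INSTALLER_NAMES = {"install.php", "upgrade.php", "setup.php", "phpinfo.php"}

# Constructed sitemap modelled on the "index everything" default described above.
SAMPLE_SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://www.example.com/</loc></url>
  <url><loc>https://www.example.com/blog/2006/10/google-code-search.html</loc></url>
  <url><loc>https://www.example.com/forum/index.php</loc></url>
  <url><loc>https://www.example.com/forum/install/install.php</loc></url>
  <url><loc>https://www.example.com/html/oldforums/oldstuff/badfile.php</loc></url>
  <url><loc>https://www.example.com/downloads/vbulletin-copy.zip</loc></url>
</urlset>
"""


def under_allowed(path, allowed=ALLOWED_PREFIXES):
    """True if the URL path lives in a directory we intend to publish."""
    directory = posixpath.dirname(path).rstrip("/") + "/"
    for prefix in allowed:
        if prefix == "/":
            if directory == "/":
                return True
        elif directory.startswith(prefix):
            return True
    return False


def audit_sitemap(xml_text, allowed=ALLOWED_PREFIXES):
    """Return [(url, [reasons])] for every sitemap entry that looks unintended."""
    root = ET.fromstring(xml_text)
    findings = []
    for loc in root.findall("sm:url/sm:loc", SITEMAP_NS):
        url = (loc.text or "").strip()
        # normpath collapses "..", so "/forum/../html/x.php" is judged as "/html/x.php".
        path = posixpath.normpath(urlparse(url).path or "/")
        name = posixpath.basename(path).lower()
        reasons = []
        if not under_allowed(path, allowed):
            reasons.append("outside published directories")
        if name.endswith(ARCHIVE_EXTS):
            reasons.append("archive/backup file")
        if name in INSTALLER_NAMES:
            reasons.append("installer/diagnostic script")
        if reasons:
            findings.append((url, reasons))
    return findings


if __name__ == "__main__":
    for url, reasons in audit_sitemap(SAMPLE_SITEMAP):
        print(f"{url}: {', '.join(reasons)}")
```

Run it against the sitemap your generator actually emits (and, separately, against a crawl of your own web root), and treat every hit as something to delete or lock down rather than something to merely drop from the sitemap: removing the entry stops you advertising the file, but the file is still reachable by anyone who guesses or remembers the path.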

Pretty clever, IMO. This is the very same reason I'm always on alert for similar incidents on my servers. Once you're specifically targeted by a hacker, and not just a random victim, they'll always find a way in, depending on how motivated or challenged they are.

Hopefully these incidents will make us more aware and careful, or next time it could be our site.

