Search engines such as Google are useful tools for quickly finding web pages that best match the searcher’s needs, but managed security services will save you from getting hacked.
Search engines are highly versatile in that they aren’t limited to finding web pages. By using the right search operators in a search query, documents such as PDF files and spreadsheets can be found and downloaded.
This makes search engines ideal for the hacker looking for easy access to sensitive information or to gather general information about potential hacking targets.
Any type of file with Internet exposure can be accessed provided it has been indexed by the search engines. It’s a simple matter of using the file type search operator followed by a file extension that corresponds to an Excel spreadsheet, OpenOffice spreadsheet, word document, text file, backup file, database file, and so forth.
If the hacker is after passwords, his search query would include any words that would likely be found in such a file including the words “username” and “password.”
A good file type for finding sensitive information might be an Excel spreadsheet, since businesses and individuals make extensive use of them for information records, including passwords.
Many camera devices are controlled from web browsers. These can be found by searching for words commonly used on these pages, or URL strings commonly used for specific camera devices. Controlling the camera amounts to visiting the web page and using the controls to view the area that’s surveilled.
A hacker with good tech knowledge can contrive hundreds of search queries targeting files and web pages containing sensitive data or information that reveals easily exploited vulnerabilities.
Protecting Your Website From Search Engine Hacking
- Use the robots.txt file. Use the robots.txt file to request that search engines not crawl portions of your website. Search engines should honor this request but you shouldn’t completely count on it.
- Don’t expose sensitive information to the Internet. Don’t store sensitive information on servers accessible by the Internet. This includes cloud services that lack strong security procedures. Vet your cloud service provider carefully.
- Password protect web pages not meant for public viewing as well as your spreadsheets and other documents. If such protection isn’t available for a particular document type, don’t use it.
- Use a modern website. Some of the earlier websites stored login passwords in unencrypted form in text files.
Finally, get help from professional security experts such as those at WheelHouse IT. To learn more about keeping your data safe and about our managed security services, contact us.
