• About
    • History of Dallas SEO
    • SEO Expert Witness
  • Contact
  • Topics
    • Bing
    • Blogging
    • Branding
    • Domain Names
    • Google
    • Internet Marketing
    • Link Building
    • Local Search
    • Marketing
    • Public Relations
    • Reputation Management
    • Search Engine Marketing
    • Search Engine Optimization
    • Search Engines
    • Social Media
    • Tech
  • Advertise
  • Email Newsletter

Bill Hartzer

Bill Hartzer on Search, Marketing, Tech, and Domains.

SEMrush

Home » Search Engines » Search Engines Not Doing Enough to Stop Hackers

Search Engines Not Doing Enough to Stop Hackers

Posted on August 16, 2011 Written by Bill Hartzer

The search engines, Google, Yahoo!, and Bing are great at helping us find information on the web. If you are like me, I personally perform a lot of search queries every day, finding new information and visiting new websites every day. That’s why I use a search engine. However, the search engines are indexing too much information on the internet–and as such, they are not doing enough to stop hackers. They are helping them.

According to a new report by Imperva, their research shows that during an attack, hackers can generate more than 80,000 daily search queries to probe the Web for vulnerable Web applications. Hackers continue to use search engines such as Google, Yahoo!, and Bing, to find websites that are vulnerable–and which sites they can hack into and cause problems for website owners.

Let’s take, for example, the search query above. This is a search for “powered by oscommerce” “catalog” which use the OS Commerce application. That search query is not typical. There is really no reason why someone would want to find all of the websites that contain the entire catalog of websites powered by the OS Commerce shopping cart software unless they were up to no good.

There are literally hundreds, if not thousands, of search queries that are not ‘typical’ search queries. The search engines are not doing enough to stop these queries from being made, time and time again. In this latest test, hackers were able to query Google over 80,000 times in one day, pulling data about websites that were vulnerable. If Google had intentions of stopping hackers, search queries such as these would not be able to be performed 80,000 times in one day.

According to Imperva, here is how hackers set up automated queries in order to get information they need from the search engines:

The Hacker’s 4 Steps for an Industrialized Attack:
1. Get a botnet. This is usually done by renting a botnet from a bot farmer who has a global network of compromised computers under his control.
2. Obtain a tool for coordinated, distributed searching. This tool is deployed to the botnet agents and it usually contains a database of dorks.
3. Launch a massive search campaign through the botnet. Our observations show that there is an automated infrastructure to control the distribution of dorks and the examination of the results between botnet parts.
4. Craft a massive attack campaign based on search results. With the list of potentially vulnerable resources, the attacker can create, or use a ready-made, script to craft targeted attack vectors that attempt to exploit vulnerabilities in pages retrieved by the search campaign. Attacks include: infecting web applications, compromising corporate data or stealing sensitive personal information

Google is not doing enough to stop hackers. Imperva, in their report, explains. “Although Google Hacking has been around – in name – for some time, some new innovations by hackers require another, closer look. Specifically, Google, and other search engines, put in place anti-automation measures to stop hackers from search abuse. However, by using distributed bots, hackers take advantage of bot’s dispersed nature, giving search engines the impression that individuals are performing a routine search. The reality? Hackers are conducting cyber reconnaissance on a massive scale. ”

Imperva’s report, titled “Hacker Intelligence Summary Report – The Convergence of Google and Bots: Searching for Security Vulnerabilities using Automated Botnets”, is a fascinating read.

Filed Under: Search Engines

SEMrush

About Bill Hartzer

Bill Hartzer is CEO of Hartzer Consulting, LLC, an SEO Consulting firm that includes services such as search engine optimization, technical SEO audits, domain name consulting, and online reputation management.

Recent Posts

  • Someone Stole My Domain Name: Here’s What You Do January 4, 2023
  • Web Hosting Services Market to Grow to $254.86 Billion by 2029 December 13, 2022
  • This SEO Blog Post Was Written by ChatGPT December 8, 2022
  • Facebook Rolling Out Facebook Articles December 7, 2022
  • Doing SEO is Better Than… December 6, 2022
  • Tucows and GoDaddy Report Q3 2022 Results November 6, 2022
  • How to Measure App Events Sourced by Organic Search and SEO September 20, 2022
  • Google Allegedly Eavesdrops and Monitors the Brain 24 hours a Day to Control Humanity September 14, 2022
  • Why You Shouldn’t Hire SEOs Based on An Email September 13, 2022
  • Global SEO Market to Reach $122.11 Billion by 2028 September 9, 2022
  • Bluehost Launches New Commerce Solutions for WordPress September 8, 2022
  • Which CMS? How to Choose the Best CMS for Your Purposes August 29, 2022
  • Accidental SEO Manager: Interview with Ash Nallawalla August 15, 2022
  • Sometimes Google Isn’t Family Friendly August 1, 2022
  • Something’s Seriously Wrong with Facebook Notifications July 12, 2022
  • Facebook Internet Tracking Settlement June 24, 2022
  • RankSense Acquired by SEOClarity June 1, 2022
  • LinkedIn Links, Digital Marketing News, and SEO Questions Answered May 9, 2022
  • GoDaddy Ending Forwarding of Existing Shortened Links May 5, 2022
  • 7 Ways to Protect Your Domain Name March 31, 2022

US Agency Awards Judge

DFWSEM logo

Bill Hartzer is a Brand Ambassador for:



Industry Friends

I Love SEO
WTFSEO
SEO By the Sea
Jeff Lenney
Jeff Gabriel
Phil Drinkwater
Dixon Jones
Brian Hartzer
Navah Hopkins

Connect With Bill Hartzer

Bill Hartzer on Twitter
Bill Hartzer on Instagram
Hartzer Consulting on Facebook
Bill Hartzer on Facebook
Bill Hartzer on YouTube

Categories

  • Advertising (19)
  • Bing Search Engine (6)
  • Blogging (42)
  • Branding (12)
  • Domain Names (209)
  • Google (236)
  • Internet Marketing (25)
  • Internet Usage (85)
  • Link Building (53)
  • Local Search (39)
  • Marketing (180)
  • Marketing Foo (30)
  • Pay Per Click (3)
  • Podcast (18)
  • Public Relations (8)
  • Reputation Management (9)
  • Search Engine Marketing (44)
  • Search Engine Marketing Events (48)
  • Search Engine Marketing Firms (19)
  • Search Engine Marketing Jobs (33)
  • Search Engine Optimization (164)
  • Search Engines (204)
  • Social Media (192)
  • Tech (7)
  • Web Analytics (17)
  • Webinars (1)

Note: All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only, and are mentioned only to help my readers. All other trademarks cited herein are the property of their respective owners. Use of these names, logos, and brands does not imply endorsement.




Hartzer Consulting



Website, Content, and Marketing by Hartzer Consulting, LLC.

Copyright © 2023 ·