SEO Useful Tips

Friday, March 03, 2006

Know about 'Google hacking'


Google hacking is the use of a search engine, such as Google, to locate a security vulnerability on the Internet. There are generally two types of vulnerabilities to be found on the Web: software vulnerabilities and misconfigurations.

Although there are some sophisticated intruders who target a specific system and try to discover vulnerabilities that will allow them access, the vast majority of intruders start out with a specific software vulnerability or common user misconfiguration that they already know how to exploit, and simply try to find or scan for systems that have this vulnerability. Google is of limited use to the first attacker, but invaluable to the second.


When an attacker knows the sort of vulnerability he wants to exploit but has no specific target, he employs a scanner. A scanner is a program that automates the process of examining a massive quantity of systems for a security flaw. The earliest computer-related scanner, for example, was a war dialer; a program that would dial long lists of phone numbers and record which ones responded with a modem handshake.


Today there are scanners that automatically query IP addresses to see what ports they have open, determine what operating system they're probably running, or determine the geographic location of the system. One of the most popular IP scanners is NMap, a free open source utility for network exploration and security auditing. When using NMap, the user specifies a range of hosts and the specific services on each one to scan for. The program will then return a list of the available (and presumably vulnerable) systems.


With a little creativity, Google can be made to operate in a similar way as NMap, even though they use different protocols. As an example, let's pretend we are intruders and we know there's an exploit that will allow us to steal credit card information from any online store that uses SHOP.TAX scripts and that www.secure.com uses SHOP.TAX. When we try our exploit, it turns out that they've already patched the vulnerability. What do we do now? We turn to Google and enter the following search string: inurl:shop.tax


Note that the above search employs advanced operators to produce a list of all sites that have "shop.tax" somewhere in their URL, essentially a list of potentially vulnerable targets. Just as with NMap, all that's left to do is try our exploit against each site on the list.
There are countless variations on this scheme, including some rather clever ways to find particular versions of server programs.


Sometimes administrators misconfigure their sites so badly, it's not even neccessary to use a "third party" exploit in order to gain access to a system. Google indexes the Web very aggressively, and unless a file is put behind in a password- or otherwise access-restricted area of a Web site, there is a good chance that it will be searchable in Google. This includes password files, credit reports, medical records, etc. In cases where the files are not adequately protected from Google, the search engine has basically already performed the exploit for the attacker.


In this way, Google can also be used as a proxy for exploits. A proxy is an intermediary system that an attacker can use to disguise his or her identity. For example, if you were to gain remote access to Bill Gates' computer and cause it to run attacks on treasury.gov, it would appear to the Feds that Bill Gates was hacking them. His computer would be acting as a proxy. Google can be used in a similar way.


The search engine has already gathered this information and will give it freely without a peep to the vulnerable site. Things get even more interesting when you consider the Google cache function. If you have never used this feature, try this:

Do a Google search for "SearchTechTarget.com." Click on the first result and read a few of the headlines. Now click back to return to your search. This time, click the "Cached" link to the right of the URL of the page you just visited. Notice anything unusual? You're probably looking at the headlines from yesterday or the day before. Why, you ask? It's because whenever Google indexes a page, it saves a copy of the entire thing to its server.

This can be used for a lot more than reading old news. The intruder can now use Google to scan for sensitive files without alerting potential targets -- and even when a target is found, the intruder can access its files from the Google cache without ever making contact with the target's server. The only server with any logs of the attack would be Google's, and it's unlikely they will realize an attack has taken place.

An even more elaborate trick involves crafting a special URL that would not normally be indexed by Google, perhaps one involving a buffer overflow or SQL injection. This URL is then submitted to Google as a new Web page. Google automatically accesses it, stores the resulting data in its searchable cache, and the rest is a recipe for disaster.

How can you prevent Google hacking?

Make sure you are comfortable with sharing everything in your public Web folder with the whole world, because Google will share it, whether you like it or not. Also, in order to prevent attackers from easily figuring out what server software you are running, change the default error messages and other identifiers. Often, when a "404 Not Found" error is detected, servers will return a page like that says something like:

Not FoundThe requested URL /cgi-bin/xxxxxx was not found on this server.Apache/1.3.27 Server at your web site Port 80

The only information that the legimitate user really needs is a message that says "Page Not found." Restricting the other information will prevent your page from turning up in an attacker's search for a specific flavor of server.

Google periodically purges it's cache, but until then your sensitive files are still being offered to the public. If you realize that the search engine has cached files that you want to be unavailable to be viewed you can go to ( http://www.google.com/remove.html ) and follow the instructions on how to remove your page, or parts of your page, from their database.

Wednesday, February 22, 2006

Beginner's Guide to Search Engine Optimization (SEO)


Hello Friends,

If you are a beginner to SEO, just enter in to this below URL , you can get lot of information about SEO

http://www.seomoz.org/beginners.php

Thursday, February 16, 2006

Blogs Helps In Attaining The Higher Google PageRank

Dear Friends,

If you want to know about Blogs in attaining the higher google page rank

Just log on to : http://www.dailyindia.com/show/2940.php

Regards
Catherine

Wednesday, February 15, 2006

Top 14 Tips to Promote Your Website

1) Banner Advertising
Although many marketers already know about the pay-per-click search engines, very few are purchasing guaranteed banner click-thru's that are available on hundred's of sites.
Look for sites that cater to your target market and look for, or ask for, their advertising rates. Slowly but surely most of the sites that sold banner impressions are starting to offer performance advertising in the form of pay-per-click.
2) Write articles
Writing Articles is an excellent way to promote your website and best of all you can get recognize as an internet business expert.
This is very easy to do, for people that don't know how to write real good yet look at other articles to get good ideals (Don't steal them). After you write a article insert a link to your site and there you go.
If you don't know what to write, just write what you know best. You must have some knowledge or experience in one domain. Don't you?
You can submit your article to ezine or article directory like:
http://www.articlecity.com
3) Exchange links
Exchanging links is one of the best methods for getting web site traffic and ranking higher with search engine when you start a site you should exchange many as possible links with sites that are RELATED to YOUR site. Search Engine's robots are eager to find new links and fresh information.
4) Mailing List
Having a mailing list can bring wonders to a web site, not only will it help bring old visitors back , but they will send the newsletter to their friends (If they like it).This is like gold for you. The only real purpose for a consumer website is to capture leads and to sell products. By leads I mean e-mail addresses.
You want to build up a customer list and then you want to work it repeatedly. Send out a monthly e-zine that offers FREE valuable information and mentions similar products they may be interested in. They may see something that a friend of theirs will want to buy from you.
5. Search Engine Optimization
It is no secret that search engines are the number one traffic generating method for driving visitors to web sites. Search engines are very useful in helping people find the relevant information they seek on the Internet. The major search engines develop and maintain their own gigantic database of web sites that can be searched by a user typing in a keyword or keyword phrase in the search box.
Search engine optimization (SEO) is the process of studying the search engines in an effort to determine how to get your web site to rank high on user searches. Depending on the statistical information reviewed, search engines account for over 80% of the visitor traffic to web sites.
6. Pay-Per-Click
It is good to get traffic but it is even better to get sales. Pay-per-click advertising is a great way to pull targeted traffic. Could anything be better? In many cases, pay-per-SALE advertising is a better choice. With pay-per-clicks, you may or may not make sales.
With a pay-per-click program, there's very little or even NO risk. You only pay when you make sales. Affiliate programs and joint ventures are examples. Set up deals where you pay only for each sale.
7. Free online forum.
The forum can be on any topic that they are most interested in. One forum can be about "Online Business". Another forum can be about “Joint Ventures". When people join those forums, make sure that they need to come to your site first and log in from there, if they want to log on and post on the forum.
8. Give Something For FREE
FREE E-books or Software is a good way to bring on visitor and to keep them at your site Visitors like to receive free offers. Entice your visitors with freebies and have them coming back for more.
9.
Postcard
Simple low-cost postcards have become a valuable internet business tool for modern marketers. They can produce a wave of traffic to your web site or a flood of high-quality sales leads.
10. Market Statistic
You can use features on your website such as visitor polls, online surveys and your website statistics to find out what your customers like more and how they feel about certain aspects of your business to determine how you can improve your product and the way you do business.
11. FREE Advertising
There is a lot of FREE Advertising on the Internet. There is Classified Ads. FREE For All Pages (FFA), Ezine, Article Submission and Newsgroup of course and many more.
12.
Blogging
Blogs are a relatively new and popular way to publish content on the Internet. They allow the blogger to publish content very quickly AND get feedback from the people that read it. Because they are new and content is created regularly, search engines love indexing them - and if search engines love them, you should too.
13. Real Syndicated Content
RSS marketing is a tool used by many on the Internet to deliver articles, advertisements, emails, customer support responses, ezines to clients and potential clients. It is also a good way to rank higher on search engines and traffic from different websites with RSS.
14. Press Releases
A press release is a public relations announcement issued to the news media and other targeted publications for the purpose of letting the public know of company developments.
You should write on news about your business. Don't make your release a sales letter. It will get banned.
Search engine adores press releases. They are food for them. A good press release can bring thousand of free visitors to your website.

Welcome To my blog

Dear Friends,


Just post Your SEO Useful Tips to End-users and Collect the useful tips and updates regarding search engine optimization from My Blog


Regards

Nithya