It's one of the simplest hacks we've seen in a long time, and the more elite computer users have known about it for a while, but it's still kinda cool and just a little bit unnerving: A hacker has revealed a way to use Google and other search engines to gain unauthorized access to password-protected content on a dizzying number …
hope they don't patch this
or at least put an option into google for "dont display stuff i can't access".
i've accidentally clicked on so many "experts exchange" (lol) links in my time i could fsking scream. let's have a nice clean search engine for public information please.
Actually you can just see the answers by scrolling down on the page, after the huge category listing.
That's like not even trying.
Not quite that easy
It's not quite as easy as updating Wordpress - you then have to dump the entire contents of the Wordpress database and weed out the nasty content. Which is a pain. I should know, it happened to me too. Too lazy to update from 2.5 to 2.5.1. Sigh.
easy fix - wrecks usability
Google has had the option to give a username and password for accessing protected content on your site for ages now.
On the other hand, it used to really pee me off when I had to go through several sites before I could actually access the information without having to go through signups and validations, even on free sites! So instead of the "signup to see this post" link, the back button always got hit, and webmasters really need to look into the amount of visitors they are losing by insisting on signups on non-premium sites.
It's got to the point now where if there is no cache link on the Google search result then I do not even bother clicking it, as they are normally hiding content behind logins etc.
This is such a retarded article :P
don't want to come across sounding elistest or anything but surely the majority of Reg readers know about this sort of thing.
Also, to try and boast about "haxking any site" using google cache is complete and udder shite. The only sites which don't require a login for search engine spiders are mostly forums that you would still not actually be "hacking".
It's basically the equivalent of saying "if you use bugmenot.com to find out a password for a website so you don't need to sign up then you've hacked it!!!11!"
¬.¬ suppose I should just stick to securityfocus for actual proper security stories
Hardly a "hack"
Really, is it? It's by design for goodness sake.
Anyone who manages a website using that technique knows full well that some users will be smart and stubborn enough to mimic a search engine bot to get around it. They also know that the vast majority won't and will happily sign up to get the info.
Sensationalist nonsense, El Reg...
"don't want to come across sounding elistest or anything"
lol.. don't worry, you didn't..
Don't encourage people to use expert$-exchange..
..that cancer of a site already b0rks most tech-related searches, and it's a pain typing -"experts-exchange" for each search.
Google Hacking Database
It's often the cache that holds the interesting info.
This works for porn sites .... apparently
Elite computer users?
I don't know if I'm elite yet, but this is very old news. Fix: don't let google see too much. I wouldn't call this a hack as much as people taking advantage of a silly designer.
title no. 362
"...By Ryan Barrett
[talking about experts-exchange]
..that cancer of a site.."
couldnae have said it better myself. how the hell does that turd of a site manage to survive - asking people to pay for stuff they can find out for free, provided they've got the gumption to scroll down the google search results page a bit?
You can get Google to show you only stuff you can see by selecting 'usage rights: free to use or share' from the Advanced Search menu - this makes searches in the field of chemistry much more useful, since Google has indexed a lot of very expensive journals which serve only to tantalise
Experts Exchange (aka Wankers Club)
I have spent my 12 years in IT daily fighting off the urge to kill developers that seem to think that they are some kind of demigod because they know how to write a FOR loop and here comes an entire site that seems to be trying to make a business out of that very attitude.
Anyway, that's my two pence, what is it that they say about experts?
An ex is a has been and a spurt is a drip under pressure.
Mine's the one with "helpful and friendly mentor" written on the back.
So that's how it's done
I'd often read about webpages which had been deleted off the net remaining accessible via Google's cache, but I never knew how to actually query Google for the contents of said cache - now I know it's as beautifully simple as just entering <cache:> before the URL in question!
This has been around for ages
dear gosh it makes the news, I don't know what the noun is for really old news, history, or how about cache.
If your site is being indexed by Google, who runs an open cache, then the information is not secure, it is that simple :) Same as if you had a user who just posted all your content :)
Java Applets that's the way, wheel out spotty blamonge girl, she has to be good for something, even then they could take screen shots ;)
There is actually a way around this, but I am not saying, it is a useful feature at times, even if just to see the squabbles on experts exchange about how their completely off base answer to a question was really right, so they can move up the experts ladder :)
how is this better than the standard cache link that google give you already?!?!
Ok I give in I'm thick as Pigsh*t about this concept other than to know the "address" of the site (e.g. the Page Number et al.) and to add the "cache:" before the URL in the Google Bar, wtf is actually any different (or better), than to just use the linked cache that google give you anyways?!
re: Don't encourage people to use expert$-exchange
Not to mention when you accidentally misplace the hyphen one character to the left. You don't want to know some of the things I've seen in my time...
That being said, it's sad how expert-sexchange, errr, experts-exchange turned out - had a lot of promise in the early days :(
if you run a for pay site...
...and have not covered this off on day 1, you really need to re-think your career. The "serious" search engines make it pretty easy to stop your content from showing up in the cache. The search engine will have rights to your content, and others won't. And before whatever clever H4x0r that wrote this tripe starts yelling about "I will impersonate a searchbot blah blah... yawn" there is something called reverse lookup validation that will put that quickly to bed.
Come on Register, this belongs in some bullshit BBC "high tech" page that some wanker over there writes, not on a site like this. Get a grip, guys, poor effort!
Cloaking on user agent
Most sites actually cloak purely on user agent without even checking the RDNS or a known IP list of google bots. So usually you can just change your useragent to match google bot and get in :)
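The two checks contrasted in the comments above (cloaking on user agent alone versus reverse lookup validation), as an added example that is not from the article or from any commenter. The hostname suffixes are an assumption based on Google's published crawler-verification guidance, and the IP addresses, PTR records and resolver functions are constructed so the block runs offline.

```python
import socket

# Assumption: crawler hostnames end in these suffixes (per Google's guidance).
TRUSTED_SUFFIXES = (".googlebot.com", ".google.com")
BOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

def ua_only_check(user_agent):
    """Weak check: trusts a header that any client can set."""
    return "googlebot" in user_agent.lower()

def system_reverse(ip):
    return socket.gethostbyaddr(ip)[0]            # PTR lookup

def system_forward(host):
    return {ai[4][0] for ai in socket.getaddrinfo(host, None)}

def verified_crawler(ip, user_agent, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed reverse DNS: PTR name must be in a trusted zone
    AND that name must resolve back to the connecting IP."""
    if not ua_only_check(user_agent):
        return False
    try:
        host = reverse(ip).rstrip(".").lower()
        if not host.endswith(TRUSTED_SUFFIXES):
            return False
        return ip in forward(host)
    except OSError:                               # herror/gaierror: fail closed
        return False

# Constructed DNS data (documentation address ranges), not real crawler IPs.
PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",     # consistent PTR + A
    "198.51.100.7": "crawl-198-51-100-7.googlebot.com", # forged PTR, no matching A
    "203.0.113.5": "googlebot.com.evil.example",        # look-alike suffix
}
A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}

def fake_reverse(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

def fake_forward(host):
    return A.get(host, set())

def classify(ips, user_agent=BOT_UA):
    """Return {ip: (ua_only_result, verified_result)} for the sample clients."""
    return {ip: (ua_only_check(user_agent),
                 verified_crawler(ip, user_agent, fake_reverse, fake_forward))
            for ip in ips}
```

Every sample client passes the user-agent check, but only the address whose PTR name and forward record agree passes the verified check.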
It's hardly rocket or any other kind of science...
This was posted in 2600 magazine a long time ago. (for those that didn't notice it themselves) And you hardly have to enter anything special---just do a Google search and click on "cached" when your links come up. Very useful feature not even counting the ability to bypass weak protection schemes.
On a side note, responding to the person that mentioned what mistyping a single character can do--- some years ago when I used to use the "Metacrawler" search engine for my searches, I was showing it to a total newbie to the web. And I typed "Meatcrawler" instead of Metacrawler... I'm sure she's scarred for life...
Yes, you know it, I know it and as said in the article, it's been known a long time - Just as the rules to win friends and influence people in Dale Carnegie's famous book are known to everyone; but... how many people remember to apply them????
Also, remember that all El Reg readers are not l33t hax0r5 like some of you whinging and whining there and some may not know about this.
Another insultingly easy hack you can do...
Another amateur-level 'hack' that can help you see content sometimes is to use your firefox Web Development Toolbar's Cookies | Clear Session Cookies option. When you visit a site that allows you (say) 3 free downloads for non-members, then bounces you to another screen on your 4th download, clear the session cookies and try again.
These protective measures are only there to deter the less determined and less savvy, they're not designed to be truly secure, as *truly* secure = expensive.
Google 1, Users 0
As stated above already, this only works on amateurish sites that haven't bothered to implement much security. Any site with content worth looking at has used the more secure method of requiring google to use a password to login.
I'm on the verge of moving to a different search engine, since I get burned so often by results that are payola. Google really should have a switch that prevents non-cached links from being displayed.
BTW, the "free to use or share" option that google does provide is unacceptable. It only returns results for which the rights have been specified. The majority of public web pages don't have any rights info, so they are omitted, including wikipedia, apparently.
Re: Experts Exchange
Hey, you guys do know that if you just scroll down to the bottom of the page, the Expertexchange article has the answers (not obscured).
Try it! ;o)
But keep it under your hat, don't want them to fix that one!
Very simple if you read the docs
<META NAME="ROBOTS" CONTENT="NOARCHIVE">
..mine's the one with "Read the manual" on the back.
Article not so good
Got to say I agree with those who say this article doesn't have any place on El Reg. It's not so much the content but the way it's presented. Title it 'simple tricks you can play with Google' and tone down the excited language and it would be fine. But this isn't a hack and it isn't news.
As was said above, I could imagine reading this on the BBC site. Hell, you could probably read it out and it would make a perfect piece for 'Click...'
Just flaming well use BugMeNot for these retarded sites that require a username and password to post something. Oh wai....
I fixed this problem
It has nothing to do with the database as someone in the comments said. It is a hack on the header.php and one other file (which I cannot remember) in Wordpress. I fixed the problem by making the header.php file non-writable and it stopped this attack in its tracks.
O frabjous day! Callooh! Callay!'
He chortled in his joy.
Just trying to comment using bugmenot. ;-)
"Come on Register, this belongs in some bullshit BBC "high tech" page that some wanker over there writes, not on a site like this. Get a grip, guys, poor effort!"
Hear, hear. Although, and I will be honest here, I do think you give the BBC a little too much credit.
@JIM THE BOSS
jim, you need a new keyboard...
great site, btw?:
i can see why you're the boss!
no understandy m8y!
"JIM HAS BEEN SPEENDING SOME TIME AT A BIRTISH WESBITE CALLED THE RESISTER AND I HAVEV BEEN TRYIG TO SHRARE MY VAST BILLIANCE WITH THEM AND THEY JUST DONT SEEM TO UDNERSTAND ME"
I was under the impression that only worked with Firefox + NoScript. You mean to say it works on any browser? lol
1) Figure out what makes someone feel they are better than everyone else
2) Design a for-pay website which caters to that 1337ness
Paris, she feels better than everyone else, for-pay.
I was in charge of "search engine optimization" at a magazine company when I was an intern fresh out of college. You had to be a subscriber or a search engine bot to see all the articles, otherwise it would just show you the first paragraph. When I supplied an app to the QA people that changed their IE user agent so they could test as the various bots we "uncloaked" for, they were shocked that regular users could so simply gain access to all our information for free. I got a good chuckle out of it.
The shame here is that google et al allow this. They should hit a page with the googlebot user agent, then hit it with an IE user agent, and remove sites from their index that try this kind of nonsense. SQLServerCentral.com is the #1 culprit that I run into regularly, and they have the no-cache thing on so I have to resort to the user agent hack.
Re: Experts Exchange
They did "fix" that scroll to the bottom thing for a while some time back. Pissed off a number of people.
I'm guessing someone noticed a huge decline in traffic and no increase in sales because it came back within a few weeks.
"i've accidently clicked on so many "experts exchange" (lol) links in my time i could fsking scream"
Indeed, behaviour like that should be grounds for a google ban. I find it hard to believe anybody visits that site by choice or worse actually pays - you have to wonder how they get things like pagerank when they're hated more than myspace.
And worse why google see various tricks mentioned in their rules as suddenly fine when it's 'Experts Exchange'.
@all Experts Exchange haters
The answers are indeed in plain text at the lower end of the page, but a single-session cookie is set that goes away when you close your browser. That prevents you from viewing the answers on a second EE page. Prevent or delete the cookie, read answers for free all day long.
In their meager defense, their experts often seem to have the answers to the issues I'm troubleshooting...
"SQLServerCentral.com is the #1 culprit that I run into regularly"
Then why not just register - it didn't cost me anything to join...
Is it just me, or is Google starting to suck? Everything I search for lately just returns a link to some wanker's opinion, midway through a thread on a forum, as opposed to a real article about my topic of interest. Oh yeah, and the top 5 are subscription only sites like the ones mentioned above.
Is there anything better right now?
I did register quite some time ago, it just irritates me that I have to go through the trouble of logging in to access content that I feel like I should be able to access with one click, as that's how it was 'advertised' to google. Since there's not a huge probability that the article I'm trying to look at has the answer I'm after anyways, I don't want to be bothered with logging in to find out.
How about Exalead as an alternative.
Just a little clunkier than Google.
I don't know why you noobs are knocking it just because you can't work out how to scroll down the page. I have never had to mess around with disabling scripting or cookies to be able to read the answers.
I am an IT expert but I still find it very useful for dealing with obscure bugs and errors. For the less technically able it is a site that could be invaluable.
Plus it is refreshing to see people answering problems without the trolls that haunt forums and comments sections such as yourself popping up to drown it with so much drivel.
Ok so I don't care whether this is an old or new vulnerability, it is news to me. The important question is, Can I now get all the free Pr0n in the world thanks to google cache, please god yes........
Paris cos who hasn't seen that vid
RE: Very simple if you read the docs
"<META NAME="ROBOTS" CONTENT="NOARCHIVE">
..mines the one with "Read the manual" on the back."
Indeed. There was a good case a couple of years ago where a Belgian newspaper company, Copiepresse - covering several countries, sued Google for making their copyrighted, paid-for, content available in their cache. Google didn't show at the court hearing and the judge ordered Google to remove all of the company's newspapers from the site. So, Google obeyed and removed the lot from the entire search index effectively wiping them off the net.
Eventually the papers saw the idiocy in their ways, fixed their headers and asked Google nicely to reindex them.