Slashdot Mirror


The "Google Hack" Honeypot

An anonymous reader writes "On the heels of Google Hacking for Penetration Testers, and Johnny Long's talks at Blackhat/Defcon over the weekend, comes the "Google Hack" Honeypot, a honeypot designed to lure in malicious search engine activity. They had a second release of their tools on Monday, according to their site."

13 of 108 comments

  1. Silly tool by wimp_org · · Score: 1, Insightful


    You just need to make sure you do not put any items on your webserver you do not want to get viewed.
    And if you make invisible links to them, that is just plain stupid.

    Also, if Google can find those files so can any other web-crawler.

    Wimp_org

  2. The question isn't is it good but why do it? by WillAffleckUW · · Score: 3, Insightful

    seriously, what good does this serve society? If you can prove that google hacking makes information more free, or that tearing down the barriers helps, well, fine.

    If you want to see if you can secure data so it doesn't get google hacked - ok.

    If you just want to show how nifty you are at using commonly available tools - there never has been any such thing as total privacy and there never will be.

    --
    -- Tigger warning: This post may contain tiggers! --

    1. Re:The question isn't is it good but why do it? by WillAffleckUW · · Score: 2, Insightful

      tearing down barriers is not always good. some of these hacks are used by pornographers to phish for whoever (including kids) by evading family filters etc. I found a hack (a word) that will return zero results for legitimate sites but about 5,000 related to highly unnatural acts. if you are in google, you are one word away from reading the site descriptions of these sites. kind of makes you think twice about whether it's ever safe to hit the "I'm feeling lucky" button.

      There we go. This is why I hardly ever hit the "I'm feeling lucky" choice.

      But, it's like basic science - it can be used for good or evil, depending on many things. Perhaps this is mostly good? Or mostly evil?

      I can't say, but I do know that the people that these try to "trap" frequently use the results to avoid the new traps.

      --
      -- Tigger warning: This post may contain tiggers! --
  3. Re:Huh? Not all of these... by spacefight · · Score: 4, Insightful

    From squirrelmail.org: Several cross site scripting (XSS) vulnerabilities have been discovered in SquirrelMail versions 1.4.0 - 1.4.4.

    I assume, that's the reason for the 1.4.4 login screen at their demo page.

  4. Re:Huh? Not all of these... by BluhDeBluh · · Score: 5, Insightful

    From what I can gather, SquirrelMail 1.4.4 contains a vulnerability enabling you to do nasty things. By adding honeypot sites, it makes real sites slightly more difficult to hack if you're trying to find them via Google.

  5. Re:OK, I'll admit my density. by wowbagger · · Score: 5, Insightful

    OK, simply:

    Tool creates fake web pages that look like vulnerable Web apps.

    Google indexes fake pages.

    Bad Guy searches Google for likely victims.

    Google returns indexes of pages created by tool.

    Bad Guy follows links.

    Tool logs Bad Guy's IP and other information.

    No Profit for Bad Guy.

    Good Guys watch Bad Guy try to |-|@><0r the page, and log everything he does.

    Good Guys contact Law Enforcement, present evidence.

    Good Guys contact Bad Guy's ISP, present evidence.

    (now, there are 2 possible outcomes - the ideal and the real.)

    Ideal outcome

    Law Enforcement goes after Bad Guy.

    Bad Guy's ISP shuts Bad Guy down.

    Bad Guy gets caught, convicted, and spends several years playing "Hide The Sausage" with his new friend Benjamin Dover the Serial Sodomist.

    Real outcome

    Law Enforcement ignores evidence as no money was lost.

    Bad Guy's ISP ignores evidence as there is no Law Enforcement involvement, and Good Guys are not ISP's customers.

    Bad Guy is distracted for a while and doesn't get to |-|@><0r as many systems.
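The logging step in the sequence above (bait page indexed, attacker arrives via a search result, honeypot records the visit) is the part worth seeing in code. The block below is an added example, not the Google Hack Honeypot's own code: it classifies incoming requests to assumed bait paths as a search-engine crawler (which must be allowed to index the bait), a visitor referred from a search engine (whose search terms, the "dork", are recovered from the Referer header), or a direct hit, and it merges GET and POST parameters before looking for crude markers of hostile input. The bait paths, crawler list, search-host table, regex and sample requests are all constructed for the example.

```python
"""Request classifier for a search-engine honeypot.

Added example, not the Google Hack Honeypot's own code. The bait paths,
crawler list, search-host table and sample requests are constructed here.
"""
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Paths of the bait pages this honeypot serves (assumed, for the example).
BAIT_PATHS = {"/webmail/src/login.php", "/admin/config.php"}
# Substrings that identify a search-engine crawler's User-Agent (assumed list).
KNOWN_CRAWLERS = ("googlebot", "bingbot", "slurp")
# Referer host fragments and the query parameter carrying the search terms.
SEARCH_HOSTS = {"google.": "q", "bing.": "q", "yahoo.": "p"}
# Crude markers of hostile parameter values (constructed heuristics only).
EVIL_INPUT = re.compile(r"(<script|\.\./|union\s+select|'\s*or\s+1=1)", re.I)


@dataclass
class Hit:
    ip: str
    path: str
    kind: str                 # "crawler", "dork" or "direct"
    query: Optional[str]      # search terms recovered from the Referer
    user_agent: str
    params: dict = field(default_factory=dict)   # GET and POST merged
    evil: list = field(default_factory=list)     # param names with suspicious values


def search_query_from_referer(referer: str) -> Optional[str]:
    """Recover the search terms from a search-engine Referer, else None."""
    if not referer:
        return None
    parts = urlsplit(referer)
    host = parts.netloc.lower()
    for fragment, param in SEARCH_HOSTS.items():
        if fragment in host:
            values = parse_qs(parts.query).get(param)
            return values[0] if values else None
    return None


def merged_params(query_string: str, body: str) -> dict:
    """Merge GET and POST parameters; the same script often accepts both."""
    params = {k: v[0] for k, v in parse_qs(query_string).items()}
    params.update({k: v[0] for k, v in parse_qs(body).items()})
    return params


def classify(ip: str, path: str, query_string: str, headers: dict,
             body: str = "") -> Optional[Hit]:
    """Return a Hit for requests to bait pages, None for everything else."""
    if path not in BAIT_PATHS:
        return None
    hdr = {k.lower(): v for k, v in headers.items()}
    ua = hdr.get("user-agent", "")
    params = merged_params(query_string, body)
    query = search_query_from_referer(hdr.get("referer", ""))
    if any(c in ua.lower() for c in KNOWN_CRAWLERS):
        kind = "crawler"      # indexing the bait is wanted; record quietly
    elif query is not None:
        kind = "dork"         # arrived through a search result
    else:
        kind = "direct"
    evil = [k for k, v in params.items() if EVIL_INPUT.search(v)]
    return Hit(ip, path, kind, query, ua, params, evil)


# Constructed sample traffic: a crawler fetching the bait, a Google-referred
# visitor probing a login parameter, and a hit on a non-bait page.
SAMPLE_REQUESTS = [
    ("66.249.1.1", "/webmail/src/login.php", "",
     {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1)"}, ""),
    ("203.0.113.7", "/webmail/src/login.php", "",
     {"User-Agent": "Mozilla/4.0",
      "Referer": "http://www.google.com/search?q=inurl%3Asrc%2Flogin.php"
                 "+%22SquirrelMail+version+1.4.4%22"},
     "login_username=<script>alert(1)</script>&secretkey=x"),
    ("198.51.100.9", "/index.html", "", {"User-Agent": "curl/7.0"}, ""),
]


def run_samples() -> list:
    """Classify the constructed requests; only bait-page hits are returned."""
    return [h for h in (classify(*r) for r in SAMPLE_REQUESTS) if h is not None]


if __name__ == "__main__":
    for hit in run_samples():
        print(f"{hit.ip} {hit.kind:8} {hit.path} q={hit.query!r} evil={hit.evil}")
```

The crawler/dork distinction matters in practice: the crawler has to be served the bait without being logged as an attacker, and the recovered search terms are the most useful artifact, since they show which dork brought the visitor in. Note that, as the thread's sceptics point out, a Referer only proves where the visitor came from, not intent; the parameter check is what separates a curious click from a probe.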

  6. Re:Why aren't Google being responsible? by Anonymous Coward · · Score: 3, Insightful

    Do what? Say I deliberately have a directory on my site that is called /etc/passwd? It is a highly relevant page containing stories and articles I have written.

    Say I have pages up with the same strings that are relevant to a number of Google hacks, like "Admin Panel powered by" etc. etc.?

    This stupid pre-emptive doctrine that has poisoned everything since 9/11 has to stop. Nothing has been 'settled' in the real world where things actually count.

    if it was private

    The Downing Street memo and numerous other leaks were intended to be private. Are you suggesting that the world shouldn't know what is happening ?

    Stop being such an old granny.

  7. Re:Tools by Anonymous Coward · · Score: 1, Insightful

    he was talking about image searches, just like the grandparent

  8. Re:This 'honey pot' talk has my tumbly all rumbly by Pope · · Score: 2, Insightful

    I'm surprised no one has come up with this, but then again, most kids these days are completely ignorant of the classics.

    --
    It doesn't mean much now, it's built for the future.

  9. who you calling a tool? by bbdd · · Score: 3, Insightful

    "These insecure tools, when combined with the power of a search engine and index which Google provides, results in a convenient attack vector for malicious users."

    how is your crappy site being indexed by google the fault of "insecure tools"? you have stuff to hide? don't put it where google can get it!

    the only insecure "tool" is the site designer who exposes his own data...

  10. Re:My Explanation by lspd · · Score: 2, Insightful

    You have to be doing something deliberately malicious in order to get caught by the honeypot.

    So you encode evil input into the URL. Many scripts accept POST and GET.

  11. Re:OK, I'll admit my density. by Anonymous Coward · · Score: 2, Insightful

    Is it an 'ideal' outcome because someone would be sentenced to prison for committing no crime and doing no damage, or because he would be repeatedly raped when he got there?

    Curiosity isn't a crime. Even if it was, no crime should be punished by what is essentially state sanctioned rape.

  12. Your hack, huh? by snowwrestler · · Score: 2, Insightful

    You posted this in April. Some of us have been doing stuff like that for well over a year. Nice try on the credit grab though.

    --
    Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.