Clik here to view.
Image via CrunchBase
These are not high level attacks, rather this falls more into the recon stage to identify specific software running on sites that are indexed by Google. The good part is that these work in Bing as well making them much more functional in terms of identifying the use of WordPress and Buddy Press where registration is allowed for anyone.
Of course open registration is a gift to spammers, but the use of Askimet and moderation queues can definitely help keep down the spam. The only real issue comes in later on because most subscribers can add information to their own pages, meaning you end up with some interesting rambling information about vacuum cleaners, or the trusty Viagra and Cialis pitches.
Google Hack 1 – Open Subscription:
“To start connecting please log in first. You can also create an account.”.id blogs
A little over a million results in Google, with about 148,000 results in Bing overall low level recon style to see if you allow open registration on your web site. If you allow open registration then you will get tagged with this a lot, if you don’t then it is simple recon and you do not need to worry about this unless some new SQL injection comes along later.
Google Hack 2 – Simple systems ID and account creation:
“powered by wordpress” inurl:register+intext:”create an account”
Simple create an account on a WordPress/buddy press combination looking for open registration pages. Spammers will use this a lot so make sure that your subscribers are monitored. You will end up with some interesting rambling texts on your web site with this one as it is very simple to automate this, and do mass account creation across the WordPress and Buddy Press worlds. There are millions of these in Google and Bing so there is a high likelihood of success in terms of identifying systems with open registration and run by WordPress. The variation on this is switch out “wordpress” with “buddy press” and there you go, you have identified systems.
Google Hack 3 – Simple recon:
“powered by wordpress and buddypress” inurl:”/activity/”
Modifying this one with the keywords spammers are using, spammers can see if their campaigns are working. There are fewer of these in Google, only a couple thousand, so the spammer would want to add their own tags to this to see if their work ended up in the site activity stream. Most subscribers end up here, so this is one way that spammers are going to verify their work.
Overall these Google hacks are just simple recon, but interesting all the same. What I find interesting is that while Google hacking has fallen from the popular security lexicon, it is still a powerful tool to use. Spammers and hackers are using this daily, so well worth keeping up to date on what is happening in the Google hacking world.
This was originally posted on Techwag. 2.0 in March of 2011. The update on this one is that since turning off buddy press the amount of spam on the site has gone down significantly and it is unlikely that I’ll be bringing buddy press back online. There simply isn’t enough time to take care of the spammers and keep the site operating the way I want it to.
