This article will be primarily useful for novice optimizers, because more advanced and so should know everything about them. In order to use this article with maximum efficiency, it is advisable to know exactly which words need to be raised to the right positions. If you're not exactly sure about the word list yet, or use the keyword suggestion service, it's a little confusing, but you can figure it out.
Important! Rest assured, Google understands perfectly well that ordinary users will not use them and only promotion specialists resort to their help. Therefore, Google may slightly distort the information provided.
Intitle operator:
Usage: intitle: word
Example: intitle: website promotion
Description: When using this operator, you will receive a list of pages, in the title (title) of which there is a word of interest to you, in our case it is the phrase "site promotion" in its entirety. Note that there must be no space after the colon. The title of the page is important in ranking, so be responsible for writing your titles. Using this variable, you will be able to estimate the approximate number of competitors who also want to be in the leading positions for this word.
Inurl operator:
Usage: inurl: phrase
Example: inurl: calculating the cost of search engine optimization
Description: This command shows sites or pages that have the original keyword in their URL. Note that there must be no space after the colon.
Inanchor operator:
Usage: inanchor: phrase
Example: inanchor: seo books
Description: Using this operator will help you see pages that are linked with the keyword you are using. This is a very important team, but unfortunately search engines are reluctant to share this information with SEOs for obvious reasons. There are services, Linkscape and Majestic SEO, that are willing to provide you with this information for a fee, but rest assured, the information is worth it.
Also, it is worth remembering that now Google pays more and more attention to the "trust" of the site and less and less link mass. Of course, links are still one of the most important factors, but trust plays an increasingly important role.
A combination of two variables gives good results, for example intitle: promotion inanchor: site promotion. And what we see, the search engine will show us the main competitors, the title of the page of which contains the word "promotion" and incoming links with the anchor "site promotion".
Unfortunately, this combination does not allow you to find out the "trust" of the domain, which, as we have already said, is a very important factor. For example, a lot of old corporate sites don't have as many links as their younger competitors, but they do have a lot of old links that pull these sites to the top of the SERPs.
Site operator:
Usage: site: site address
Example: site: www.aweb.com.ua
Description: With this command, you can see a list of pages that are indexed by the search engine and which it knows about. It is mainly used to find out about competitors' pages and analyze them.
Cache operator:
Usage: cache: page address
Example: cache: www.aweb.com.ua
Description: This command shows a "snapshot" of the page from the moment when the robot visited the site the last time and, in general, how it sees the content of the page. By checking the page cache date, you can determine how often the robots visit the site. The more authoritative a site is, the more often robots visit it and, accordingly, the less authoritative (according to Google) site, the less often robots take pictures of the page.
The cache is very important when buying links. The closer the page's cache date is to the link purchase date, the faster your link will be indexed by the Google search engine. Sometimes it was possible to find pages with a cache age of 3 months. By purchasing a link on such a site, you will only waste your funds, because it is quite possible that the link will never be indexed.
Link operator:
Usage: link: url
Example: link: www.aweb.com.ua
Description: Link operator: Searches for and displays pages that link to a specified url. This can be either the main page of the site or the internal one.
Related operator:
Usage: related: url
Example: related: www.aweb.com.ua
Description: The related: statement displays pages that the search engine thinks are similar to the specified page. For a person, all the resulting pages may not have anything similar, but for a search engine it is.
Info statement:
Usage: info: url
Example: info: www.aweb.com.ua
Description: By using this operator, we will be able to obtain information about the page that is known to the search engine. This could be the author, publication date, and more. Additionally, on the search page, Google offers several actions at once that it can do with this page. Or, more simply, he will suggest using some of the operators that we described above.
Allintitle operator:
Usage: allintitle: phrase
Example: allintitle: aweb promotion
Description: If we start our search query with this word, we get a list of pages that have the entire phrase in the title. For example, if we try to search for the word allintitle: aweb promotion, we will get a list of pages, in the title of which both of these words are mentioned. And they do not have to follow each other at all, they can be located in different places in the header.
Allintext operator:
Usage: allintext: word
Example: allintext: optimization
Description: This operator searches for all pages that contain the specified word in the body of their text. If we try to use allintext: aweb optimization, we will see a list of pages in the text of which these words are found. That is, not the whole phrase is "aweb optimization", but both words "optimization" and "aweb".
Hacking with Google
Alexander Antipov
The Google search engine (www.google.com) provides many search options. All these capabilities are an invaluable search tool for a first-time Internet user and, at the same time, an even more powerful weapon of invasion and destruction in the hands of people with evil intentions, including not only hackers, but also non-computer criminals and even terrorists.
(9475 views in 1 week)
Denis Batrankov
denisNOSPAMixi.ru
Attention:This article is not a guide to action. This article was written for you, administrators of WEB servers, so that you lose the false feeling that you are safe, and you finally understand the insidiousness of this method of obtaining information and set about protecting your site.
Introduction
For example, I found 1670 pages in 0.14 seconds!
2. Let's introduce another line, for example:
inurl: "auth_user_file.txt"a little less, but this is already enough for free download and for brute-force attacks (using the same John The Ripper). Below I will give some more examples.
So, you need to realize that the Google search engine has visited most of the sites on the Internet and stored in the cache the information they contain. This cached information allows you to get information about the site and the content of the site without a direct connection to the site, just digging into the information that is stored inside Google. Moreover, if the information on the site is no longer available, then the information in the cache may still be preserved. All it takes for this method is to know some Google keywords. This technique is called Google Hacking.
For the first time, information about Google Hacking appeared on the Bugtruck mailing list 3 years ago. In 2001, this topic was brought up by a French student. Here is a link to this letter http://www.cotse.com/mailing-lists/bugtraq/2001/Nov/0129.html. It provides the first examples of such requests:
1) Index of / admin
2) Index of / password
3) Index of / mail
4) Index of / + banques + filetype: xls (for france ...)
5) Index of / + passwd
6) Index of / password.txt
This topic made a splash in the English-reading part of the Internet quite recently: after Johnny Long's article published on May 7, 2004. For a more complete study of Google Hacking, I recommend visiting this author's site at http://johnny.ihackstuff.com. In this article, I just want to bring you up to date.
Who can use it:
- Journalists, spies and all those people who like to poke their nose into other matters can use this to search for compromising evidence.
- Hackers looking for suitable targets for hacking.
How Google works.
To continue the conversation, let me remind you of some of the keywords used in Google queries.
Search using the + sign
Google excludes from the search, in its opinion, words that are unimportant. For example, question words, prepositions and articles in English: for example are, of, where. In Russian, Google seems to consider all words important. If the word is excluded from the search, then Google writes about it. In order for Google to start looking for pages with these words in front of them, you need to add a + sign without a space in front of the word. For example:
ace + of base
Search using the sign -
If Google finds a large number of pages from which it is necessary to exclude pages with a specific topic, then you can force Google to search only for pages that do not have specific words. To do this, you need to indicate these words, putting in front of each sign - without a space in front of the word. For example:
fishing vodka
Search using ~
You may want to find not only the specified word, but also its synonyms. To do this, precede the word with the ~ symbol.
Finding the exact phrase using double quotes
Google searches on each page for all occurrences of the words that you wrote in the query string, and it does not care about the relative position of words, the main thing is that all the specified words are on the page at the same time (this is the default action). To find the exact phrase, you need to enclose it in quotes. For example:
"bookend"
To have at least one of the specified words, you need to specify the logical operation explicitly: OR. For example:
book safety OR protection
In addition, in the search bar, you can use the * sign to denote any word and. to denote any character.
Finding words using additional operators
There are search operators that are specified in the search string in the format:
operator: search_term
Spaces next to the colon are not needed. If you insert a space after the colon, you will see an error message, and before it, then Google will use them as a normal search string.
There are groups of additional search operators: languages - indicate in what language you want to see the result, date - limit results for the past three, six or 12 months, occurrences - indicate where in the document you need to search for a string: everywhere, in the title, in the URL, domains - search the specified site or, on the contrary, exclude it from the search, safe search - block sites containing the specified type of information and remove them from the search results pages.
At the same time, some operators do not need an additional parameter, for example, the request " cache: www.google.com"can be called as a full-fledged search string, and some keywords, on the contrary, require a search word, for example" site: www.google.com help". In light of our topic, let's look at the following operators:
Operator |
Description |
Requires an additional parameter? |
search only on the site specified in search_term |
||
search only in documents with the search_term type |
||
find pages containing search_term in title |
||
find pages containing all the words search_term in the title |
||
find pages containing the word search_term in their url |
||
find pages containing all the words search_term in their url |
Operator site: restricts the search only to the specified site, and you can specify not only the domain name, but also the IP address. For example, enter:
Operator filetype: restricts searches to files of a specific type. For example:
As of the article's release date, Google can search within 13 different file formats:
- Adobe Portable Document Format (pdf)
- Adobe PostScript (ps)
- Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
- Lotus WordPro (lwp)
- MacWrite (mw)
- Microsoft Excel (xls)
- Microsoft PowerPoint (ppt)
- Microsoft Word (doc)
- Microsoft Works (wks, wps, wdb)
- Microsoft Write (wri)
- Rich Text Format (rtf)
- Shockwave Flash (swf)
- Text (ans, txt)
Operator link: shows all pages that point to the specified page.
It's probably always interesting to see how many places on the Internet know about you. Trying:
Operator cache: shows the version of the site in Google's cache as it looked when Google last visited this page. We take any site that changes frequently and look at:
Operator intitle: searches for the specified word in the page title. Operator allintitle: is an extension - it looks for all specified multiple words in the page title. Compare:
intitle: flight to mars
intitle: flight intitle: to intitle: mars
allintitle: flight to mars
Operator inurl: forces Google to display all pages containing the specified string in the URL. Operator allinurl: Searches for all words in a URL. For example:
allinurl: acid acid_stat_alerts.php
This command is especially useful for those who do not have SNORT - at least they can see how it works on a real system.
Hacking Methods Using Google
So, we found out that, using a combination of the above operators and keywords, anyone can collect the necessary information and search for vulnerabilities. These techniques are often referred to as Google Hacking.
map of site
You can use the site: operator to see all the links Google finds on the site. Usually, pages that are dynamically created by scripts are not indexed using parameters, so some sites use ISAPI filters so that links are not in the form /article.asp?num=10&dst=5, and with slashes / article / abc / num / 10 / dst / 5... This is done so that the site is generally indexed by search engines.
Let's try:
site: www.whitehouse.gov whitehouse
Google thinks every page on the site contains the word whitehouse. This is what we use to get all the pages.
There is also a simplified version:
site: whitehouse.gov
And the best part is that the comrades from whitehouse.gov did not even know that we looked at the structure of their site and even looked at the cached pages that Google downloaded for itself. This can be used to study the structure of sites and view content without being noticed for the time being.
Viewing a list of files in directories
WEB servers can display lists of server directories instead of regular HTML pages. This is usually done to get users to select and download specific files. However, in many cases, administrators do not have the goal of showing the contents of a directory. This occurs due to incorrect configuration of the server or the absence of the main page in the directory. As a result, the hacker has a chance to find something interesting in the directory and use it for his own purposes. To find all such pages, just notice that they all contain the words: index of in their title. But since the words index of contain not only such pages, we need to clarify the query and take into account the keywords on the page itself, so queries of the form are suitable for us:
intitle: index.of parent directory
intitle: index.of name size
Since most of the directory listings are intentional, you may find it difficult to find erroneous listings the first time around. But at least you can already use the listings to determine the version of the WEB server, as described below.
Getting the version of the WEB server.
Knowing the version of the WEB server is always useful before starting any hacker attack. Again thanks to Google it is possible to get this information without connecting to the server. If you look closely at the listing of the directory, you can see that the name of the WEB server and its version are displayed there.
Apache1.3.29 - ProXad Server at trf296.free.fr Port 80
An experienced administrator can change this information, but, as a rule, it is true. Thus, to get this information, it is enough to send a request:
intitle: index.of server.at
To get information for a specific server, we clarify the request:
intitle: index.of server.at site: ibm.com
Or vice versa, we are looking for servers running on a specific server version:
intitle: index.of Apache / 2.0.40 Server at
This technique can be used by a hacker to find a victim. If, for example, he has an exploit for a certain version of the WEB server, then he can find it and try the existing exploit.
You can also get the server version by looking at the pages that are installed by default when installing a fresh version of the WEB server. For example, to see the Apache 1.2.6 test page, just type
intitle: Test.Page.for.Apache it.worked!
Moreover, some operating systems immediately install and run the WEB server during installation. At the same time, some users are not even aware of this. Naturally, if you see that someone has not deleted the default page, then it is logical to assume that the computer has not been subjected to any configuration at all and is probably vulnerable to attacks.
Try to find IIS 5.0 pages
allintitle: Welcome to Windows 2000 Internet Services
In the case of IIS, you can determine not only the server version, but also the Windows version and Service Pack.
Another way to determine the version of the WEB server is to search for manuals (help pages) and examples that can be installed on the site by default. Hackers have found many ways to use these components to gain privileged access to a site. That is why you need to remove these components on the production site. Not to mention the fact that by the presence of these components you can get information about the type of server and its version. For example, let's find the apache manual:
inurl: manual apache directives modules
Using Google as a CGI scanner.
CGI scanner or WEB scanner is a utility for searching for vulnerable scripts and programs on the victim's server. These utilities should know what to look for, for this they have a whole list of vulnerable files, for example:
/cgi-bin/cgiemail/uargg.txt
/random_banner/index.cgi
/random_banner/index.cgi
/cgi-bin/mailview.cgi
/cgi-bin/maillist.cgi
/cgi-bin/userreg.cgi
/iissamples/ISSamples/SQLQHit.asp
/SiteServer/admin/findvserver.asp
/scripts/cphost.dll
/cgi-bin/finger.cgi
We can find each of these files using Google, using the words index of or inurl in addition to the file name in the search bar: we can find sites with vulnerable scripts, for example:
allinurl: /random_banner/index.cgi
Using additional knowledge, a hacker can exploit a script vulnerability and use this vulnerability to force the script to return any file stored on the server. For example a password file.
How to protect yourself from Google hacking.
1. Do not post important data to the WEB server.
Even if you posted the data temporarily, then you can forget about it or someone will have time to find and take this data before you erase it. Don't do that. There are many other ways to transfer data to protect it from theft.
2. Check your site.
Use the methods described to research your site. Check your site periodically with new methods that appear on the site http://johnny.ihackstuff.com. Remember that if you want to automate your actions, you need to get special permission from Google. If you read carefully http://www.google.com/terms_of_service.html then you will see the phrase: You may not send automated queries of any sort to Google "s system without express permission in advance from Google.
3. You may not need Google to index your site or part of it.
Google allows you to remove a link to your site or part of it from its database, as well as remove pages from the cache. In addition, you can prohibit the search for images on your site, prohibit showing short fragments of pages in search results. All options for deleting a site are described on the page http://www.google.com/remove.html... To do this, you must confirm that you are actually the owner of this site or insert tags into the page or
4. Use robots.txt
It is known that search engines look into the robots.txt file located at the root of the site and do not index those parts that are marked with the word Disallow... You can take advantage of this to prevent part of the site from being indexed. For example, to avoid indexing the entire site, create a robots.txt file containing two lines:
User-agent: *
Disallow: /
What else happens
So that life does not seem like honey to you, I will say in the end that there are sites that follow those people who, using the above methods, are looking for holes in scripts and WEB servers. An example of such a page is
Application.
A little bit sweet. Try something from the following list yourself:
1. #mysql dump filetype: sql - find dumps of mySQL databases
2. Host Vulnerability Summary Report - will show you what vulnerabilities other people have found
3.phpMyAdmin running on inurl: main.php - this will force close control via phpmyadmin panel
4.not for distribution confidential
5. Request Details Control Tree Server Variables
6. Running in Child mode
7. This report was generated by WebLog
8.intitle: index.of cgiirc.config
9.filetype: conf inurl: firewall -intitle: cvs - can anyone need firewall configuration files? :)
10. intitle: index.of finances.xls - hmm ....
11.intitle: Index of dbconvert.exe chats - icq chat logs
12.intext: Tobias Oetiker traffic analysis
13.intitle: Usage Statistics for Generated by Webalizer
14.intitle: statistics of advanced web statistics
15.intitle: index.of ws_ftp.ini - ws ftp config
16.inurl: ipsec.secrets holds shared secrets - the secret key is a good find
17.inurl: main.php Welcome to phpMyAdmin
18.inurl: server-info Apache Server Information
19.site: edu admin grades
20. ORA-00921: unexpected end of SQL command - getting paths
21. intitle: index.of trillian.ini
22. intitle: Index of pwd.db
23. intitle: index.of people.lst
24. intitle: index.of master.passwd
25. inurl: passlist.txt
26. intitle: Index of .mysql_history
27. intitle: index of intext: globals.inc
28. intitle: index.of administrators.pwd
29. intitle: Index.of etc shadow
30. intitle: index.of secring.pgp
31.inurl: config.php dbuname dbpass
32. inurl: perform filetype: ini
Training Center "Informzashita" http://www.itsecurity.ru - a leading specialized center in the field of information security training (License of the Moscow Education Committee No. 015470, State accreditation No. 004251). The only authorized training center for Internet Security Systems and Clearswift in Russia and the CIS. Microsoft Authorized Training Center (Security specialization). The training programs are coordinated with the State Technical Commission of Russia, the FSB (FAPSI). Certificates of training and state documents on professional development.
SoftKey is a unique service for buyers, developers, dealers and affiliate partners. In addition, this is one of the best online software stores in Russia, Ukraine, Kazakhstan, which offers customers a wide assortment, many payment methods, prompt (often instant) order processing, tracking the order fulfillment process in the personal section, various discounts from the store and manufacturers ON.
How to search correctly with google.com
Everyone probably knows how to use a search engine like Google =) But not everyone knows that if you correctly compose a search query using special structures, you can achieve the results that you are looking for much more efficiently and faster =) In this article I will try to show that and how you need to do to search correctly
Google supports several advanced search operators that have special meaning when searching on google.com. Typically, these operators modify the search, or even tell Google to do completely different types of searches. For example, the construction link: is a special operator, and the request link: www.google.com will not give you a normal search, but will instead find all web pages that have links to google.com.
alternative request types
cache: If you include other words in your query, Google will highlight those included words within the cached document.
For example, cache: www.web site will show cached content with the word "web" highlighted.
link: the search query discussed above will show web pages that contain links to the specified query.
For example: link: www.site will display all pages that have a link to http: //www.site
related: Displays web pages that are "related" to the specified web page.
For example, related: www.google.com will list web pages that are similar to Google's home page.
info: Request Information: Provides some of the information Google has about the requested web page.
For example, info: website will show information about our forum =) (Armada - Forum of adult webmasters).
Other information requests
define: The define: query will provide a definition of the words you enter after this, compiled from various online sources. The definition will be for the entire phrase entered (that is, it will include all words in the exact query).
stocks: If you start your request with stocks: Google will treat the rest of the request terms as stock ticker symbols, and link to a page showing the ready information for those symbols.
For example, stocks: Intel yahoo will show information about Intel and Yahoo. (Note that you must type the breaking news characters, not the company name)
Request Modifiers
site: If you include site: in your query, Google will limit the results to the websites it finds on that domain.
You can also search for individual zones, as such ru, org, com, etc ( site: com site: ru)
allintitle: If you run a query with allintitle :, Google will limit the results with all the words of the query in the header.
For example, allintitle: google search will return all google search pages like images, Blog, etc
intitle: If you include intitle: in your request, Google will limit the results to documents containing that word in the title.
For example, intitle: Business
allinurl: If you run a query with allinurl: Google will limit the results, with all the words of the query in the URL.
For example, allinurl: google search will return documents with google and search in the header. Also, as an option, you can separate words with a slash (/) then words on both sides of the slash will be searched within the same page: Example allinurl: foo / bar
inurl: If you include inurl: in your query, Google will limit the results to documents containing that word in the URL.
For example, Animation inurl: website
intext: searches only in the text of the page for the specified word, ignoring the title and link texts, and other things not related to. There is also a derivative of this modifier - allintext: those. further, all words in the query will be searched only in the text, which is also important, ignoring frequently used words in links
For example, intext: forum
daterange: searches in time frames (daterange: 2452389-2452389), dates for times are in Julian format.
Well, and all sorts of interesting examples of requests
Examples of writing queries for Google. For spammers
Inurl: control.guest? A = sign
Site: books.dreambook.com “Homepage URL” “Sign my” inurl: sign
Site: www.freegb.net Homepage
Inurl: sign.asp “Character Count”
"Message:" inurl: sign.cfm "Sender:"
Inurl: register.php “User Registration” “Website”
Inurl: edu / guestbook “Sign the Guestbook”
Inurl: post “Post Comment” “URL”
Inurl: / archives / “Comments:” “Remember info?”
“Script and Guestbook Created by:” “URL:” “Comments:”
Inurl:? Action = add “phpBook” “URL”
Intitle: ”Submit New Story”
Magazines
Inurl: www.livejournal.com/users/ mode = reply
Inurl greatestjournal.com/ mode = reply
Inurl: fastbb.ru/re.pl?
Inurl: fastbb.ru /re.pl? "Guest book"
Blogs
Inurl: blogger.com/comment.g? ”PostID” “anonymous”
Inurl: typepad.com/ “Post a comment” “Remember personal info?”
Inurl: greatestjournal.com/community/ “Post comment” “addresses of anonymous posters”
“Post comment” “addresses of anonymous posters” -
Intitle: "Post comment"
Inurl: pirillo.com “Post comment”
Forums
Inurl: gate.html? ”Name = Forums” “mode = reply”
Inurl: "forum / posting.php? Mode = reply"
Inurl: "mes.php?"
Inurl: "members.html"
Inurl: forum / memberlist.php? ”
Dear friends, today I will share with you one of my fresh developments in website promotion. I will tell you how to remove the publication date from the SERP and what benefits it gives.
As you know, in the search results for many pages of sites, the date of their publication is displayed. Dates allow users to navigate search results and select pages with more recent and relevant information.
In most cases, I myself prefer to go to pages that were published not so long ago, and I visit materials 3-5 years old or more less often, since often information in many topics quickly becomes outdated and loses its relevance.
Do you think this article about Firefox plugins will get the most clicks from search if it is dated 2008?
Or my post on WordPress plugins from 2007:
I think not, since the information in these topics is becoming obsolete over the years.
I thought about how I can use this moment to increase traffic to the sites I promote. There are many "evergreen" topics in which information is practically not outdated, and materials published several years ago will also be useful and interesting for visitors.
For example, take the topic of dog training. There, the basic principles have not changed for many years. At the same time, the owner of such a site will be sad 😉 when, in a few years, fewer visitors from the search results will go to his articles, as they will see the publication date and select newer articles on other sites simply because they are more recent, although they may not be nearly as interesting or useful.
But if you take such topics as smartphones, gadgets, fashion, women's clothing, then the information in them very quickly becomes outdated and loses its relevance. There is no point in removing the date from the search results.
🔥 By the way! I am giving a paid course on SEO Shaolin English Website Promotion. If you are interested, you can apply on his website seoshaolin.com.I wish you high traffic on your sites!
Dessert for Today is a fascinating video about a guy riding a bike 😉. It is better for the faint of heart and impressionable people not to look 🙂:
