Yesterday we had a brainstorming session with our programmers on Google hacking. It is soooooo easy to grab PHP code, passwords and databases from all over the Web, thanks to sloppy coders. For instance, do a search for

index.of
index.of/php
index.of/pswd
index.of/db
index.of/mda
index.of/pgp

or check the list at http://www.thenetworkadministrator.com/googlesearches.htm. These types of searches will spit out directory trees.

There are many “smart cookies” posting derivatives of these lists all over the Web.

And how about typos?

Try filetype: searches with extra characters in the extension, like

0php
1php
phps
php.

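etc.

Servers will spit out the entire PHP source, because a file whose extension is not mapped to the PHP handler is served as-is instead of being executed.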
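A way to check your own web root for both problems described above, open directory listings and mistyped PHP extensions, written as an added example that is not part of the original post. The index file names, the set of executed extensions and the sample tree are assumptions constructed for the illustration; it also flags leftovers such as `.php.bak`, which the post does not list.

```python
import os
import tempfile

# Assumed server settings (not from the original post); match them to your config.
INDEX_NAMES = {"index.php", "index.html", "index.htm"}  # served instead of a listing
EXECUTED_EXTS = {"php"}                                  # mapped to the PHP handler


def is_leaky(filename):
    """True if the name looks like PHP but its final extension is not executed."""
    name = filename.lower()
    if "." not in name:
        return False
    after_first_dot = name.split(".", 1)[1]   # "php.", "0php", "php.bak", ...
    final_ext = name.rsplit(".", 1)[1]        # "" for a trailing dot
    return "php" in after_first_dot and final_ext not in EXECUTED_EXTS


def audit_docroot(root):
    """Return (listable_dirs, leaky_files) as sorted paths relative to root."""
    listable, leaky = [], []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        # No index file: the server generates a listing if auto-indexing is on.
        if not {f.lower() for f in files} & INDEX_NAMES:
            listable.append(rel)
        for f in files:
            if is_leaky(f):
                leaky.append(f if rel == "." else rel + "/" + f)
    return sorted(listable), sorted(leaky)


def build_sample():
    """Constructed sample web root, created in a temp directory."""
    root = tempfile.mkdtemp()
    for path in ["index.php", "inc/index.html", "inc/config.0php",
                 "inc/login.phps", "backup/db.sql"]:
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return root


if __name__ == "__main__":
    dirs, files = audit_docroot(build_sample())
    print("directories with no index file:", dirs)
    print("PHP-looking files that will not be executed:", files)
```

Point `audit_docroot` at the real document root; every directory it reports needs an index file or auto-indexing switched off, and every file it reports should be renamed or moved out of the web root.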

The great offenders are large sites like those belonging to .edu, .gov, .org, not to mention large .com and .net sites.

Ho, Ho, Ho, Merry Christmas, Santa.