Your Robots.txt File Helps Hackers

Posted: 29/04/2017 in All Teched UP!, Hacking

As you know, most webmasters upload a file called robots.txt to their server to tell crawlers such as Google, Yahoo and Bing which pages must not be indexed.
Example:

Why would a webmaster want to hide those URLs? Checking this file is one of the first things an attacker does: the paths the webmaster wants to keep out of sight point straight at the data, scripts and admin areas worth attacking. Remember that robots.txt is only a request to well-behaved crawlers; it blocks nothing, and anyone can read it.

Sometimes Google indexes robots.txt itself, which lets an attacker search for words inside these files with ordinary Google queries.

For example, an attacker who wants to find sites with a /user/ area can search the indexed robots.txt files for that entry and then try to exploit what turns up:

inurl:".kh/robots.txt" + "Disallow: /user/"

Attackers can locate WordPress installations with:

inurl:".com/robots.txt" + "Disallow: /wp-admin/"

Attackers can locate Joomla installations with:

inurl:"/robots.txt" + "Disallow: joomla"

Attackers can locate Plesk Statistics installations with:

inurl:"/robots.txt" + "Disallow: plesk-stat"


Attackers can locate Drupal installations with:

inurl:".com/robots.txt" + "Disallow: ?q=admin"

Attackers can locate TinyMCE installations, and from there work out which plugins those servers run and look for exploitable ones, with:

inurl:".com/robots.txt" + "Disallow: tinymce"

Is someone trying to hide their password file?

inurl:"/robots.txt" + "Disallow: passwords.txt"

So be careful what you write in your robots.txt: if someone reads it directly, or someone with a little imagination runs queries like these on Google, you can become a target. A Disallow line protects nothing; it only tells crawlers (and attackers) where to look. Anything sensitive needs real access control, and a page that merely should not show up in search results can carry a noindex directive instead of having its location advertised in robots.txt.
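The script below is an added example, not code from the original post. It shows both halves of what this post describes: how an attacker pulls the Disallow entries out of a robots.txt and picks out the ones that give away a CMS, an admin path or a file that looks like a secret, which is exactly the audit you should run on your own file before publishing it. The SENSITIVE_PATTERNS list (built from the dorks above plus a few generic backup and credential names) and the SAMPLE robots.txt are constructed for this example; fetch_robots is only meant for sites you are authorised to test.

```python
import re
import urllib.request
from urllib.parse import urljoin

# Constructed for this example: Disallow values that match these regexes
# are the kind of thing the Google dorks above are hunting for.
SENSITIVE_PATTERNS = [
    (r"/wp-admin/|/wp-includes/|/wp-content/", "WordPress"),
    (r"joomla|/administrator/", "Joomla"),
    (r"plesk-stat", "Plesk statistics"),
    (r"\?q=admin|/admin(?:/|$)", "Drupal or generic admin path"),
    (r"tinymce", "TinyMCE editor"),
    (r"/user/|/users/", "user directory"),
    (r"passw|secret|\.bak$|\.sql$|\.zip$|backup", "credential or backup file"),
]


def parse_robots(text):
    """Return a list of (user_agent, directive, value) tuples.

    Follows the robots.txt grammar loosely: '#' starts a comment,
    'User-agent:' opens a group and later directives belong to the most
    recent group. Directive names are lower-cased; unknown directives are
    kept so the audit still sees them.
    """
    records = []
    agent = "*"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            agent = value or "*"
        else:
            records.append((agent, field, value))
    return records


def audit_robots(text):
    """Return (path, label) for every Disallow entry that gives an attacker
    a lead. An empty 'Disallow:' (allow everything) is ignored."""
    findings = []
    for _agent, field, value in parse_robots(text):
        if field != "disallow" or not value:
            continue
        for pattern, label in SENSITIVE_PATTERNS:
            if re.search(pattern, value, re.IGNORECASE):
                findings.append((value, label))
                break
    return findings


def fetch_robots(base_url, timeout=10):
    """Download /robots.txt from a site you are authorised to test."""
    url = urljoin(base_url, "/robots.txt")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


# Constructed sample file; it is not taken from any real site.
SAMPLE = """\
# Example robots.txt
User-agent: *
Disallow: /wp-admin/
Disallow: /cgi-bin/
Disallow: /backup/site.sql
Disallow: /passwords.txt
Disallow: /tinymce/
Allow: /public/
Sitemap: https://example.com/sitemap.xml
"""

if __name__ == "__main__":
    # Run the audit over the embedded sample; swap in fetch_robots(url)
    # to check a site you own.
    for path, label in audit_robots(SAMPLE):
        print(f"{path:<25} {label}")
```

Every flagged line is a place where the file is doing an attacker's reconnaissance for them. Removing the entry does not protect the path, though: the admin area still needs authentication, and a page that only has to stay out of search results can be served with a noindex meta tag or X-Robots-Tag header instead of being listed here.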
