Monday, January 01, 2007

Hackers Using Google as a PhotoCart Locator Tool

It would appear that I have some evidence indicating that the Turkish hackers known for exploiting these types of vulnerabilities are the ones behind this PhotoCart vulnerability attack.

Here's a sample of how they used Google's INURL search function to locate the PhotoCart sites in Google's index:

http://www.google.com.tr/search?hl=tr&q=inurl%3A%2Fphotocart%2F&btnG=Google%27da

As a matter of fact, they hit my blog: now that I've been posting about this problem, the word "photocart" was in the URL, so they got a direct hit on this page:

incredibill.blogspot.com/2006/12/photocart-attack-takes-holiday.html

Here's the source of the "research" for PhotoCart from a Turkish DSL line:

IP Address: 88.229.95.xxx
Country: Turkey

Sorry about the obfuscated IP address, but I don't want people doing a DoS on him/her/it.
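
An added example, not part of the original post: a log check that flags visits arriving from a Google search that used the inurl: operator, like the referrer shown above. The log lines are constructed samples in Apache combined format, and the function and field names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# inurl: / allinurl: search for URL structure rather than page content.
OPERATOR_RE = re.compile(r'\b(?:all)?inurl:\s*(\S+)', re.IGNORECASE)
# www.google.com, www.google.com.tr, google.co.uk, ...
GOOGLE_HOST_RE = re.compile(r'^(?:www\.)?google(?:\.[a-z]{2,3}){1,2}$')

# Constructed sample lines (documentation IP range, not real visitors).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2007:10:15:32 +0000] '
    '"GET /2006/12/photocart-attack-takes-holiday.html HTTP/1.1" 200 5120 '
    '"http://www.google.com.tr/search?hl=tr&q=inurl%3A%2Fphotocart%2F&btnG=Google%27da" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '198.51.100.20 - - [01/Jan/2007:10:16:02 +0000] "GET / HTTP/1.1" 200 8841 '
    '"http://www.google.com/search?q=photo+gallery+software" "Mozilla/5.0"',
    '198.51.100.21 - - [01/Jan/2007:10:17:45 +0000] "GET /feed HTTP/1.1" 200 912 '
    '"-" "FeedReader/1.0"',
]

def find_inurl_referrals(lines):
    """Return one record per inurl:-style term found in a Google referrer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not combined format; skip rather than guess
        ref = urlsplit(m.group("referer"))
        if not GOOGLE_HOST_RE.match(ref.hostname or ""):
            continue
        parts = m.group("request").split()
        path = parts[1] if len(parts) > 1 else ""
        # parse_qs percent-decodes: inurl%3A%2Fphotocart%2F -> inurl:/photocart/
        for query in parse_qs(ref.query).get("q", []):
            for term in OPERATOR_RE.findall(query):
                hits.append({"ip": m.group("ip"), "path": path, "term": term})
    return hits

if __name__ == "__main__":
    for hit in find_inurl_referrals(SAMPLE_LOG):
        print(f'{hit["ip"]} reached {hit["path"]} via inurl:{hit["term"]}')
```

The Referer header is supplied by the client, so a hit is a lead for review rather than proof of who searched for what.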

Perhaps Google should restrict some features like INURL: to only be accessed by webmasters registered to use Google tools so they know exactly who these people are when they abuse these features.
