Google Code Search makes hacking a piece of cake for stupid people too
OK, I’€™m kind of torn for posting this, but I guess it’€™s better to point to a problem so that it stands a chance to get fixed, rather than just pretend it isn’€™t there, right?
Jason Kottke writes about the launch of Google Code Search, still in the Labs category at Google, which is meant to search in open source code. Clearly a tool that could be interesting for developers I’€™d reckon, although I can’€™t think of anytime it would have suited my needs in the past. Then again, maybe I would if it existed… Ah, nevermind.
Kottke points to some of the riskier parts of this nifty little search engine. Such as people putting their WordPress files in a ZIP or TAR file, including the wp-config.php file containing MySQL passwords for the site for instance. That’€™s probably not so good, right? Well, there are other examples as well and Kottke seems to collect them. Hopefully these people will get notified of any serious stuff they unknowingly might have put online and public in this manner.
Well, it could be worse. The admin users for your blog is located in the database and you won’€™t find the administrator username and password in wp-config.php for instance. Then again, if you got the passwords you need to access the database it doesn’€™t take a hacker wizkid to get in there and do some damage.
Have a look at Kottke’€™s post, and make sure you haven’€™t put anything stupid in a compressed file. If not, don’€™t fret ‘€“ Google Code Search won’€™t mess with your regular PHP files or anything like that.
Ah Google, the things you put us through.
