For each operator there is a lightweight version with a shorter name (without the prefix all). The difference is that allinurl will find links with all words, and inurl will only find links with the first of them. The second and subsequent words from the query can appear anywhere on web pages. The inurl operator also differs from another operator with a similar meaning - site. The first also allows you to find any sequence of characters in a link to the searched document (for example, /cgi-bin/), which is widely used to find components with known vulnerabilities.

Let's try it in practice. We take the allintext filter and make the request produce a list of numbers and verification codes of credit cards that will expire only in two years (or when their owners get tired of feeding everyone).

Allintext: card number expiration date /2017 cvv

When you read in the news that a young hacker “hacked into the servers” of the Pentagon or NASA, stealing classified information, in most cases we are talking about just such a basic technique of using Google. Suppose we are interested in a list of NASA employees and their contact information. Surely such a list is available in electronic form. For convenience or due to oversight, it may also be on the organization’s website itself. It is logical that in this case there will be no links to it, since it is intended for internal use. What words can be in such a file? At a minimum - the “address” field. Testing all these assumptions is easy.

Inurl:nasa.gov filetype:xlsx "address"

We use bureaucracy

Finds like this are a nice touch. A truly solid catch is provided by a more detailed knowledge of Google's operators for webmasters, the Network itself, and the peculiarities of the structure of what is being sought. Knowing the details, you can easily filter the results and refine the properties of the necessary files in order to get truly valuable data in the rest. It's funny that bureaucracy comes to the rescue here. It produces standard formulations that are convenient for searching for secret information accidentally leaked onto the Internet.

For example, the Distribution statement stamp, required by the US Department of Defense, means standardized restrictions on the distribution of a document. The letter A denotes public releases in which there is nothing secret; B - intended only for internal use, C - strictly confidential, and so on until F. The letter X stands out separately, which marks particularly valuable information representing a state secret of the highest level. Let those who are supposed to do this on duty search for such documents, and we will limit ourselves to files with the letter C. According to DoDI directive 5230.24, this marking is assigned to documents containing a description of critical technologies that fall under export control. You can find such carefully protected information on sites in the top-level domain.mil, allocated for the US Army.

"DISTRIBUTION STATEMENT C" inurl:navy.mil

It is very convenient that the .mil domain contains only sites from the US Department of Defense and its contract organizations. Search results with a domain restriction are exceptionally clean, and the titles speak for themselves. Searching for Russian secrets in this way is practically useless: chaos reigns in domains.ru and.rf, and the names of many weapons systems sound like botanical ones (PP “Kiparis”, self-propelled guns “Akatsia”) or even fabulous (TOS “Buratino”).

By carefully studying any document from a site in the .mil domain, you can see other markers to refine your search. For example, a reference to the export restrictions “Sec 2751”, which is also convenient for searching for interesting technical information. From time to time it is removed from official sites where it once appeared, so if you cannot follow an interesting link in the search results, use Google’s cache (cache operator) or the Internet Archive site.

Climbing into the clouds

In addition to accidentally declassified government documents, links to personal files from Dropbox and other data storage services that create “private” links to publicly published data occasionally pop up in Google's cache. It’s even worse with alternative and homemade services. For example, the following query finds data for all Verizon customers who have an FTP server installed and actively using their router.

Allinurl:ftp://verizon.net

There are now more than forty thousand such smart people, and in the spring of 2015 there were many more of them. Instead of Verizon.net, you can substitute the name of any well-known provider, and the more famous it is, the larger the catch can be. Through the built-in FTP server, you can see files on an external storage device connected to the router. Usually this is a NAS for remote work, a personal cloud, or some kind of peer-to-peer file downloading. All contents of such media are indexed by Google and other search engines, so you can access files stored on external drives via a direct link.

Looking at the configs

Before the widespread migration to the cloud, simple FTP servers ruled as remote storage, which also had a lot of vulnerabilities. Many of them are still relevant today. For example, the popular WS_FTP Professional program stores configuration data, user accounts and passwords in the ws_ftp.ini file. It is easy to find and read, since all records are saved in text format, and passwords are encrypted with the Triple DES algorithm after minimal obfuscation. In most versions, simply discarding the first byte is sufficient.

It is easy to decrypt such passwords using the WS_FTP Password Decryptor utility or a free web service.

When talking about hacking an arbitrary website, they usually mean obtaining a password from logs and backups of configuration files of CMS or e-commerce applications. If you know their typical structure, you can easily indicate the keywords. Lines like those found in ws_ftp.ini are extremely common. For example, in Drupal and PrestaShop there is always a user identifier (UID) and a corresponding password (pwd), and all information is stored in files with the .inc extension. You can search for them as follows:

"pwd=" "UID=" ext:inc

Revealing DBMS passwords

In the configuration files of SQL servers, user names and email addresses are stored in clear text, and their MD5 hashes are written instead of passwords. Strictly speaking, it is impossible to decrypt them, but you can find a match among the known hash-password pairs.

There are still DBMSs that do not even use password hashing. The configuration files of any of them can simply be viewed in the browser.

Intext:DB_PASSWORD filetype:env

With the advent of Windows servers, the place of configuration files was partially taken by the registry. You can search through its branches in exactly the same way, using reg as the file type. For example, like this:

Filetype:reg HKEY_CURRENT_USER "Password"=

Let's not forget the obvious

Sometimes it is possible to get to classified information using data that was accidentally opened and came to the attention of Google. The ideal option is to find a list of passwords in some common format. Only desperate people can store account information in a text file, Word document or Excel spreadsheet, but there is always enough of them.

Filetype:xls inurl:password

On the one hand, there are a lot of means to prevent such incidents. It is necessary to specify adequate access rights in htaccess, patch the CMS, not use left-handed scripts and close other holes. There is also a file with a list of robots.txt exceptions that prohibits search engines from indexing the files and directories specified in it. On the other hand, if the structure of robots.txt on some server differs from the standard one, then it immediately becomes clear what they are trying to hide on it.

The list of directories and files on any site is preceded by the standard index of. Since for service purposes it must appear in the title, it makes sense to limit its search to the intitle operator. Interesting things are in the /admin/, /personal/, /etc/ and even /secret/ directories.

Stay tuned for updates

Relevance is extremely important here: old vulnerabilities are closed very slowly, but Google and its search results are constantly changing. There is even a difference between a “last second” filter (&tbs=qdr:s at the end of the request URL) and a “real time” filter (&tbs=qdr:1).

The time interval of the date of the last update of the file is also indicated implicitly by Google. Through the graphical web interface, you can select one of the standard periods (hour, day, week, etc.) or set a date range, but this method is not suitable for automation.

From the look of the address bar, you can only guess about a way to limit the output of results using the &tbs=qdr: construction. The letter y after it sets the limit of one year (&tbs=qdr:y), m shows the results for the last month, w - for the week, d - for the past day, h - for the last hour, n - for the minute, and s - for give me a sec. The most recent results that Google has just made known are found using the filter &tbs=qdr:1 .

If you need to write a clever script, it will be useful to know that the date range is set in Google in Julian format using the daterange operator. For example, this is how you can find a list of PDF documents with the word confidential, downloaded from January 1 to July 1, 2015.

Confidential filetype:pdf daterange:2457024-2457205

The range is indicated in Julian date format without taking into account the fractional part. Translating them manually from the Gregorian calendar is inconvenient. It's easier to use a date converter.

Targeting and filtering again

In addition to specifying additional operators in the search query, they can be sent directly in the body of the link. For example, the filetype:pdf specification corresponds to the construction as_filetype=pdf . This makes it convenient to ask any clarifications. Let's say that the output of results only from the Republic of Honduras is specified by adding the construction cr=countryHN to the search URL, and only from the city of Bobruisk - gcs=Bobruisk. You can find a complete list in the developer section.

Google's automation tools are designed to make life easier, but they often add problems. For example, the user’s city is determined by the user’s IP through WHOIS. Based on this information, Google not only balances the load between servers, but also changes the search results. Depending on the region, for the same request, different results will appear on the first page, and some of them may be completely hidden. The two-letter code after the gl=country directive will help you feel like a cosmopolitan and search for information from any country. For example, the code of the Netherlands is NL, but the Vatican and North Korea do not have their own code in Google.

Often, search results end up cluttered even after using several advanced filters. In this case, it is easy to clarify the request by adding several exception words to it (a minus sign is placed in front of each of them). For example, banking, names and tutorial are often used with the word Personal. Therefore, cleaner search results will be shown not by a textbook example of a query, but by a refined one:

Intitle:"Index of /Personal/" -names -tutorial -banking

One last example

A sophisticated hacker is distinguished by the fact that he provides himself with everything he needs on his own. For example, VPN is a convenient thing, but either expensive, or temporary and with restrictions. Signing up for a subscription for yourself is too expensive. It's good that there are group subscriptions, and with the help of Google it's easy to become part of a group. To do this, just find the Cisco VPN configuration file, which has a rather non-standard PCF extension and a recognizable path: Program Files\Cisco Systems\VPN Client\Profiles. One request and you join, for example, the friendly team of the University of Bonn.

Filetype:pcf vpn OR Group

INFO

Passwords are stored encrypted, but Maurice Massard has already written a program to decrypt them and provides it for free through thecampusgeeks.com.

Google runs hundreds of different types of attacks and penetration tests. There are many options, affecting popular programs, major database formats, numerous vulnerabilities of PHP, clouds, and so on. Knowing exactly what you're looking for will make it much easier to find the information you need (especially information you didn't intend to make public). Shodan is not the only one that feeds with interesting ideas, but every database of indexed network resources!

Each article published by us on a website made on WordPress has a set of standard details, which are the author of the post and the date of publication. In this lesson we will learn how to remove the publication date, link to the author, or the name of the author himself. The topic is important because it helps to avoid duplication of pages and content, which will significantly help us in search engine promotion.

Editing the date display and removing the link to the author of the article are site optimization processes; the more such changes you make, the more profit you will get in the end.

Article navigation:

Why is it bad to have a link to the author of the publication?

First, let's find out why we need this and whether we need it at all. Link to the author of the article It can be useful when there are many authors, but when we are the sole owner and author of articles, then it not only does not bring benefit, but also harms our site.

Imagine a situation that, by the way, very often occurs among beginners when working with WordPress; on our blog there are 100 articles by the same author. And naturally, all 100 articles have their own page with unique content. What happens when we follow the link to the author of the article? The information available about him and... all his articles in the form of announcements will be revealed to us. It turns out that we have 100 unique posts and one author page that duplicates all our pages and their text.

From the point of view of search robots, this will be considered copying the content on the site pages, which will cause the search engine to distrust your texts since they really do not like the same text. Your articles may completely fall out of their index, which is absolutely not what we want.

How to remove the link to the author of an article and the date of publication in WordPress?

We can also look at all the procedures below in video lesson on this topic:

Our WordPress sites are built based on the template we choose. we studied in another lesson. Our pages are generated on the fly and consist of small parts of program code. How can we find the area that interests us so that we can change it further?

First, let's open our page with the publication. Then we move the cursor over the element we are interested in and look at its code.

Depending on what browser you use, you will see the source of the page for viewing and highlighted in the place we were looking for.

So, let's look at everything in order:

1. The main block containing the title of the article, date, author and link to his articles.
2. Div class=”entry-meta” is exactly the layer that interests us at this stage.
3. Span class="author vcard" is also a lower-level block element in which our link is placed.
4. The link itself.

Having found out the names of the classes of the code blocks we need, we proceed to the next step.

Removing the link to the author of the article and the date of publication in WordPress

In order to remove article author's link, open the editor of our theme with, which we discussed earlier. Better yet, download the index.php and content.php file from our hosting so that you can restore our theme if necessary.

We open the index.php file from the editor and look for the divs we need, if we haven’t found any, open the content.php file and find them there. It all depends on how the theme developers configured it.

The files can be named differently, so you need to know how to find what you need, go to the editor, press the key combination Ctrl + F and enter the desired name into the search.

After we have found the block class we need, we analyze the entry inside it.

When we have found the div we are interested in, in our case it is div class = “entry-meta”, which contains our date and author of the article, we need to decide what exactly we want. If we want completely remove the date and author when publishing then we simply delete the code fragment highlighted in the square, save our file and forget about this problem.

There is also an alternative, more, which is written about in a separate article. If you have problems with the search, I recommend trying the search through the editor.

How we can see our date and author is output by the php function generate_posted_on() which we should find in another file, in my case it is template-tags.php in yours it may be another file and you will have to go through all the files in search of a description of the function, so the same way as we looked for the diva class.

Found it? Well done, now we are interested in the function itself. If we want to delete the publication date, then we delete the fragment highlighted at number one; if the date does not interest us, then we move on to the second fragment and parse the code.

If you are well versed in the code then you can change the function itself, but this is highly not recommended.

FAQ:

Should you completely remove the post date and author on your WordPress blog?

The answer is clear, NO. The thing is that the date and the author of the article participate in the formation of the structure of the page. In other words, by completely removing the date and author, you will lose two essential elements of data structuring that are so necessary for your site. These are not words out of thin air; search engines monitor the presence of this data and warn you about the need for their presence.

Why remove the author link in WordPress?

By removing the link, you are “killing” several birds with one stone. Firstly, you delete a page you don’t need, which will definitely create duplication of content, secondly, you lose the unnecessary movement of weight from one page to a completely unnecessary author’s page.

That's all I wanted to tell you in this, if you have any questions, write, we will definitely help.

The Facebook interface is strange and in some places completely illogical. But it just so happens that almost everyone I talk to ended up there, so I have to endure it.

Much about Facebook is not obvious. I tried to collect in this post what I did not find right away, and many probably have not found until now.

Ribbon

Unfortunately, in the Android mobile app, the feed is formed only by popularity.

Cleaning the tape

Notifications

Unfortunately, you cannot unsubscribe from comments in the Android mobile app.

Search by messages

The message interface will open, with a second search bar appearing at the top.

There you can search for any words in all personal messages written during your entire use of Facebook.

Fighting Messenger

Action log

Inserting a publication

Disable video autoplay

In the browser, video autoplay is disabled as follows: click the checkmark in the upper right corner, there are settings, then video.

In Android - click the three bars on the right in the icon line, there "Application Settings" - "Autoplay video" - set "Off." or "Wi-fi only". In the latter case, videos will autoplay only when connected via Wi-Fi.

Go to publication

Surely, the mysterious Facebook still has many secrets that I haven’t gotten to yet.

If you know about other Facebook secrets, write in the comments, I’ll add them to the post.

Saved

Has a terrible habit of reminding you of everything you've ever posted. Most likely, in the dark corners of your Chronicle there are many entries that you no longer remember. It's time to remove them once and for all.

Checking the Chronicle

First and foremost, make sure you know how your Timeline is viewed by regular users (those who aren't your Facebook friends). To do this, go to your Timeline, click on the lock icon, in the “Who can see my materials?” select "View As" and you will see the following:

Look through everything well, and if you don’t like something, click on the date under your name, then on the globe icon, and change the “Shared to everyone” item to “Friends”, “Only me” or “User settings”. In addition, you can completely delete an entry by selecting the appropriate option after clicking on the arrow in the upper right corner.

Hide old public posts

If you want to hide many public posts at once, you will be surprised that Facebook has a special tool for this.

Click the privacy settings lock in the top right corner of the page, select "See other settings" and click "Limit access to past posts." Read the message that appears and click “Apply these restrictions to past posts” if you want only your friends to see all your old posts.

Change Timeline settings

Next, let's make sure your Timeline settings match your preferences. Click the privacy settings lock in the top right corner again, select See other settings, and click the Timeline & Tags tab in the left panel.

Make sure that the first, fourth, fifth and seventh items are set to “Friends” or whatever you choose:

A more thorough Facebook cleanup

If these tips aren't enough for you, you can use one of the Chrome browser extensions, such as Facebook Post Manager. However, such programs can be overly aggressive, so be careful when using them.

Ready! You have cleared your Timeline of old, forgotten publications. Now you can live in peace and not worry about someone coming across a compromising image or status you posted in 2009.