Recently, the Cult of the Dead Cow (cDcreleased a new powerful hacking tool: Goolag Scanner. cDc is a famous group of hackers. They are used to provide serious “hacking” tools such as the famous BackOrifice (remote administration of a computer).
Goolag Scanner scans a web site for more than 1000 known vulnerabilities. The originality of this new tool is that the scan is not direct. It is down using Google requests. Thus, the scanned site is not aware that it is scanned!! Facing this new method, Google decided to limit the number of simultaneous queries for a site. The risk is that Google may blacklist the querying IP address. This makes the scan fastidious. We may expect that cDc will issue soon a version allowing to make a “batch” solution that would counterstrike this black listing.
The obvious countermeasure is to have all the vulnerabilities patched. Another one is to have the file robots.txt listing the files allowed to be indexed by the bot and listing the forbidden ones. Google obeys to the rules defined by robots.txt. Unfortunately, some indexing tools do not care about robots.txt.
Is Goolag Scanner an evil tool? As for all cDc’s tools, they will of course be used by hackers. But, they can also be used by administrators as administration tools. BO2K is an efficient remote administration tool. GoolagScan is an efficient vulnerability scanner. Administrators should use them, at least to be level with hackers.