LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Closed Thread
  Search this Thread
Old 11-05-2012, 12:52 AM   #1
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Rep: Reputation: 57
Why don't google web servers ever get hacked?


Surely there is much more to it than always having the very latest updates of the web server application and other software.

Google unfortunately does not offer web hosting. If only they did, every site could benefit from whatever it is that google does and is so successful against hackers.

How can I have protection as effective as google's at any other hosting provider?

Last edited by Ulysses_; 11-05-2012 at 01:09 AM.
 
Old 11-05-2012, 01:09 AM   #2
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and CentOS
Posts: 6,721

Rep: Reputation: 1704Reputation: 1704Reputation: 1704Reputation: 1704Reputation: 1704Reputation: 1704Reputation: 1704Reputation: 1704Reputation: 1704Reputation: 1704Reputation: 1704
Hi,

how do you know that google has never been "hacked" (presumably you mean cracked)?

Evo2.
 
Old 11-05-2012, 02:30 AM   #3
Tobler
LQ Newbie
 
Registered: Oct 2007
Distribution: Ubuntu, RedHat Enterprise Linux
Posts: 14

Rep: Reputation: 0
Exclamation Google never hacked?

Hi

Ulysses_: Google offers web/email and many hosting solutions. Like sites.google.com for web hosting.

We should discuss what "hacking" or "cracking" really means in case of Google.
Google user accounts has been hacked as users might have bad passwords. So then hackers can access email/photos/google plus and other services. So just one password and you get lot's of things. And this happens all the time. Fortunately you can activate two-way verification so username/password combination is not enough to have access (www.google.com/settings/security).

But if you meant hacking maintenance account then it's completely different thing. There is separate management network where you can not access from Internet. There are routers, other networking equipment and servers. So hackers can not get in there unless they physically access Google site and there access special rooms where server/network management is done. So there's very high security control to get access into these rooms.

Br, Tobler
 
Old 11-05-2012, 02:31 AM   #4
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by evo2 View Post
how do you know that google has never been "hacked" (presumably you mean cracked)?
There would have been a message from the hackers bragging about it, on google.com or another google site.

Last edited by Ulysses_; 11-05-2012 at 03:42 AM.
 
Old 11-05-2012, 03:47 AM   #5
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
I want to run a PHP script with the data in MySQL, and ideally offer free user subdomains too, just like *.blogspot.com.

Does google offer such hosting?

Who else offers such but with security just like google's to protect from hackers defacing a site without ever being given a password?
 
Old 11-05-2012, 04:52 AM   #6
cascade9
Senior Member
 
Registered: Mar 2011
Location: Brisneyland
Distribution: Debian, aptosid
Posts: 3,753

Rep: Reputation: 935Reputation: 935Reputation: 935Reputation: 935Reputation: 935Reputation: 935Reputation: 935Reputation: 935
Googles been hacked, just like everybody else.

Quote:
Google announced Tuesday that it had been the target of a “highly sophisticated” and coordinated hack attack against its corporate network. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists.
http://www.wired.com/threatlevel/201...ration-aurora/

That is besides all the 'we weren't hacked, it was XXXXXXX' (e.g. 'DNS Glitch' or "human Error') google has had over the years. I wouldnt be suprised if at least one of them was caused by hacking....google is hardly going to publicise it if I'm right about that.

Quote:
Originally Posted by Ulysses_ View Post
There would have been a message from the hackers bragging about it, on google.com or another google site.
Ummm....google has been p̶r̶o̶v̶e̶d̶ rumoured to remove search results they dont like, or downlist them to the point where you'll need to check page number 134 of search results to see it.

Even if thats not the case, why assume that 'hackers' are going to be loudmouthed idiots? Not everybody who does stuff like that talks about it.

Quote:
Originally Posted by Tobler View Post
There are routers, other networking equipment and servers. So hackers can not get in there unless they physically access Google site and there access special rooms where server/network management is done. So there's very high security control to get access into these rooms.
Might not be what the OP is/was worried about, but if you can access data physically, the end result is no different from accessing data over a network IMO.
 
Old 11-05-2012, 05:18 AM   #7
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by cascade9 View Post
sought access to the Gmail accounts of human rights activists.
This sounds like some government was involved. But google is in bed with the US government already. Maybe some dictatorial regime has agents inside google who made it possible.

So maybe a less known hosting company is less likely to have been infiltrated? Which such company might have just as good network security or better?

Last edited by Ulysses_; 11-05-2012 at 05:24 AM.
 
Old 11-05-2012, 05:33 AM   #8
cascade9
Senior Member
 
Registered: Mar 2011
Location: Brisneyland
Distribution: Debian, aptosid
Posts: 3,753

Rep: Reputation: 935Reputation: 935Reputation: 935Reputation: 935Reputation: 935Reputation: 935Reputation: 935Reputation: 935
Quote:
Originally Posted by Ulysses_ View Post
This sounds like some government was involved. Maybe some dictatorial regime has agents inside google who made it possible.
That was blamed on China, and from what I know they probably had something to do with it.

I doubt it was an indside job from what I know.

Quote:
Originally Posted by Ulysses_ View Post
But google is in bed with the US government already.
Cannot properly reply, some people here already think I'm a bit of a tin-foil-hatter.

Last edited by cascade9; 11-05-2012 at 06:16 AM. Reason: typo
 
Old 11-05-2012, 07:39 AM   #9
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
It is my Professional Estimate and Personal Opinion that Google gets 'hacked' more than is thought.

I asked google safe browsing to show me

stats for one of Google's Address Space says
"Over the past 90 days, we found 45 site(s) on this network, including, for example, sabhot.com/, google.com/, googleapis.com/, that appeared to function as intermediaries for the infection of 78 other site(s) including, for example, feedreader.com/, foto---seksi.blogspot.com/, www.jazaan.com.googlepages.com/."

stats for Google.com
"Over the past 90 days, google.com appeared to function as an intermediary for the infection of 26 site(s) including ]www.jazaan.com.googlepages.com/, heartfailuresolutions.com/, stroupecondoblog.com/."

The topic could have read "Why don't google webservers ever get defaced?"

Have a Great Day!

Last edited by Habitual; 11-05-2012 at 07:40 AM.
 
Old 11-05-2012, 08:03 AM   #10
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Is that something of concern to me if I only use PHP scripts, MySQL and let users create subdomains?
 
Old 11-05-2012, 12:30 PM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,599
Blog Entries: 4

Rep: Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905
Remember that the intrinsic nature of any (non-static ...) web site is that it consists of software. Even if the site itself is completely static, it's still running on software. Anytime a digital computer is involved, the possibility for exploitation exists.

I think that you really have to bear in mind, though, that computer-exploitation is very much a "crime of opportunity" situation. Your choice of host (yes, even Google) is not going to be a source-of security, nor a loss-of it. How you configure and keep-up your site, will be. There are millions of sites out there, and exploiters probably don't care about "yours" vs. anybody else's. (If they do, then what I'm saying doesn't apply anymore.) If you have taken reasonable precautions to keep your doors locked and your front-porch swept and the newspapers aren't allowed to accumulate out by the mailbox, you're not going to be "the easiest pickin's" and that might make all the difference.
 
Old 11-05-2012, 01:49 PM   #12
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
The problem is I do not know anything I can do to prevent hackers from hacking into my site, other than use strong passwords, keep my software up to date, keep the pc where I type the passwords free from keyloggers, and keep my login link to the site secure.

But hosting companies should know a lot more than that, for their side of things, is that not so? Aren't there any with a good security reputation?

Last edited by Ulysses_; 11-05-2012 at 02:01 PM.
 
Old 11-05-2012, 02:51 PM   #13
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Let's say I take an existing blogging application script (is wordpress open-source?) and install it, what backdoors are there in such an application for me to close?

Last edited by Ulysses_; 11-05-2012 at 02:56 PM.
 
Old 11-05-2012, 02:59 PM   #14
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by Ulysses_ View Post
Let's say I take an existing blogging application script (is wordpress open-source?) and install it, what backdoors are there in it for me to close?
Hardening WordPress
 
Old 11-05-2012, 05:21 PM   #15
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139Reputation: 139
Best way to harden wordpress is to bur it to a cd, put it in a bucket full of cement and drop it in the Mindinao(sp?) Trench.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Google Talk #2 – Google Web Toolkit & WebM with Brad Abrams LXer Syndicated Linux News 0 09-13-2010 06:50 PM
Google password system hacked? Is it? linuxlover.chaitanya Linux - Security 11 05-05-2010 01:20 AM
Web Servers don't want to show [larger] .tar and .rar files? brokenpromises Linux - Server 1 01-22-2008 11:53 PM
LXer: Google's Android hacked onto real hardware LXer Syndicated Linux News 0 01-10-2008 02:20 PM
Mozilla/Google interfaced hacked robertn Linux - Security 5 03-27-2004 09:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration