So fare I have found this post

[webmasterworld.com...]

It explines some of it. I have been unable to verify if you can Launce an attack via Google and hide your IP adress.

Anyone has any insight on this

The posts/articles you linked to merely talk about Google being used by hackers for finding potential targets rather than Google being used as a literal vector for the attack (as they would be if they were being used to proxy the attack).

The way to stop this is simple...

If you don't want something to be exposed to the world then don't make it available to the outside world in an unsecured state. You can't rely on obscurity to protect you because one bad link, reference or lucky guess and your "protection" is made worthless - either secure it appropriately or simply don't make it available to the world if it doesn't need to be.

(Appropriate measures obviously vary between say the admin area on a website and say the remote admin interface on high-price-tag network router)

Ignoring random linkage to "secure" areas for a moment...

Since you can't prevent all attacks on your systems - especially if they are public facing by design - the next best thing is to keep on top of patches and upgrades so that even if they know you were running "website-application X v3.2" it wont do them a lot of good since you're patched against all the current "known" attacks.

- Tony

My point exactly. To clarify things a bit, what I am asking about is simply this.

Can you use Google as a proxy and how is this done. (I can’t imagine that it is possible and I can’t figure out how it should be accomplished) And finally, how do you protect yourself. One of the articles talk about having images on the page, but as I se it, it will only provide hits in the log and has nothing to do with using Google as a proxy

>Can you use Google as a proxy and how is this done. (I can’t imagine that it is possible and I can’t figure out how it should be accomplished) And finally, how do you protect yourself.

Google cannot be used as a proxy for an attack. Period. However, if your site is vulnerable, then anyone malicious who knows as much about the Internet as me could trivially attack your site using easily available proxies. Heck, a Netzero connection will do just fine. If your site was vulnerable to an attack using Google, it would also be vulnerable to an attack without using Google. As to how to protect yourself, learn about computer security. And remember, security through obscurity is no security at all.

>>Can you use Google as a proxy and how is this done

The only way to use Google as a proxy would be to exploit their web servers and gain control over them so that you could then attack sites using their computers instead of your own. This would be no mean feat and would also be pretty pointless seeing as there are hundreds of thousands of machines online that are far easy to exploit.

But really this discussion has very little to do with Google. The problem is publically available exploitable content on websites. Sure, Google makes it easy to find (and yes, you can view pages in the cache so the site owner will not know that you have looked at them) but that's hardly the point.

Besides, any hacker worth worrying about will know how to hide their IP anyway, by viewing your site via a proxy or an exploited machine. Google's cache is a crude and ineffective way of hiding your connection.

Thanks a lot.

It is as I thought, but I wanted confirmation and assurance that I had not missed a point.