Search engine Google system(www.google.com) provides many search options. All these features are an invaluable search tool for a user new to the Internet and at the same time an even more powerful weapon of invasion and destruction in the hands of people with evil intentions, including not only hackers, but also non-computer criminals and even terrorists.
(9475 views in 1 week)

Denis Barankov
denisNOSPAMixi.ru

Attention:This article is not a guide to action. This article was written for you, WEB server administrators, so that you will lose the false feeling that you are safe, and you will finally understand the insidiousness of this method of obtaining information and take up the task of protecting your site.

Introduction

For example, I found 1670 pages in 0.14 seconds!

2. Let's enter another line, for example:

inurl:"auth_user_file.txt"

a little less, but this is already enough for free downloading and password guessing (using the same John The Ripper). Below I will give a number of more examples.

So, you need to realize that the Google search engine has visited most of the Internet sites and cached the information contained on them. This cached information allows you to obtain information about the site and the content of the site without directly connecting to the site, only by delving into the information that is stored inside Google. Moreover, if the information on the site is no longer available, then the information in the cache may still be preserved. All you need for this method: know some keywords Google. This technique is called Google Hacking.

Information about Google Hacking first appeared on the Bugtruck mailing list 3 years ago. In 2001, this topic was raised by a French student. Here is a link to this letter http://www.cotse.com/mailing-lists/bugtraq/2001/Nov/0129.html. It provides the first examples of such queries:

1) Index of /admin
2) Index of /password
3) Index of /mail
4) Index of / +banques +filetype:xls (for france...)
5) Index of / +passwd
6) Index of / password.txt

This topic made waves in the English-reading part of the Internet quite recently: after the article by Johnny Long, published on May 7, 2004. For a more complete study of Google Hacking, I advise you to go to this author’s website http://johnny.ihackstuff.com. In this article I just want to bring you up to date.

Who can use this:
- Journalists, spies and all those people who like to poke their nose into other people's business can use this to search for incriminating evidence.
- Hackers looking for suitable targets for hacking.

How Google works.

To continue the conversation, let me remind you of some of the keywords used in Google queries.

Search using the + sign

Google excludes words it considers unimportant from searches. For example, question words, prepositions and articles in English language: for example are, of, where. In Russian, Google seems to consider all words important. If a word is excluded from the search, Google writes about it. To Google started to look for pages with these words, you need to add a + sign without a space before the word. For example:

ace +of base

Search using the sign –

If Google finds a large number of pages from which it needs to exclude pages with a certain topic, then you can force Google to search only for pages that do not contain certain words. To do this, you need to indicate these words by placing a sign in front of each - without a space before the word. For example:

fishing - vodka

Search using ~

You may want to search not only the specified word, but also its synonyms. To do this, precede the word with the ~ symbol.

Finding an exact phrase using double quotes

Google searches on each page for all occurrences of the words that you wrote in the query string, and it does not care about the relative position of the words, as long as all the specified words are on the page at the same time (this is the default action). To find the exact phrase, you need to put it in quotes. For example:

"bookend"

In order for at least one of the specified words to appear, you must specify logical operation explicit: OR. For example:

book safety OR protection

In addition, you can use the * sign in the search bar to indicate any word and. to represent any character.

Searching for words using additional operators

Exist search operators, which are indicated in the search string in the format:

operator:search_term

Spaces next to the colon are not needed. If you insert a space after the colon, you will see an error message, and before it, Google will use them as a normal search string.
There are groups of additional search operators: languages ​​- indicate in which language you want to see the result, date - limit the results for the past three, six or 12 months, occurrences - indicate where in the document you need to search for the line: everywhere, in the title, in the URL, domains - search on the specified site or, conversely, exclude it from the search; safe search - blocks sites containing the specified type of information and removes them from the search results pages.
However, some operators do not require an additional parameter, for example the request " cache:www.google.com" can be called as a full-fledged search string, and some keywords, on the contrary, require a search word, for example " site:www.google.com help". In light of our topic, let's look at the following operators:

Operator	Description	Requires an additional parameter?
	search only on the site specified in search_term
	search only in documents with type search_term
	find pages containing search_term in the title
	find pages containing all search_term words in the title
	find pages containing the word search_term in their address
	find pages containing all search_term words in their address

Operator site: limits the search only to the specified site, and you can specify not only Domain name, but also an IP address. For example, enter:

Operator filetype: Limits the search to a specific file type. For example:

As of the publication date of the article, Google can search within 13 different file formats:

• Adobe Portable Document Format (pdf)
• Adobe PostScript (ps)
• Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
• Lotus WordPro (lwp)
• MacWrite (mw)
• Microsoft Excel(xls)
• Microsoft PowerPoint (ppt)
• Microsoft Word(doc)
• Microsoft Works (wks, wps, wdb)
• Microsoft Write (wri)
• Rich Text Format (rtf)
• Shockwave Flash(swf)
• Text (ans, txt)

Operator link: shows all pages that point to the specified page.
It's probably always interesting to see how many places on the Internet know about you. Let's try:

Operator cache: Shows the version of the site in Google's cache as it looked the last time Google visited that page. Let’s take any frequently changing site and look:

Operator intitle: searches for the specified word in the page title. Operator allintitle: is an extension - it searches for all specified few words in the page title. Compare:

intitle:flight to Mars
intitle:flight intitle:on intitle:mars
allintitle:flight to mars

Operator inurl: forces Google to show all pages containing the specified string in the URL. allinurl operator: searches for all words in a URL. For example:

allinurl:acid acid_stat_alerts.php

This command is especially useful for those who don't have SNORT - at least they can see how it works on a real system.

Hacking Methods Using Google

So, we found out that using a combination of the above operators and keywords, anyone can collect the necessary information and search for vulnerabilities. These techniques are often called Google Hacking.

Site Map

You can use the site: operator to list all the links that Google has found on a site. Typically, pages that are dynamically created by scripts are not indexed using parameters, so some sites use ISAPI filters so that links are not in the form /article.asp?num=10&dst=5, and with slashes /article/abc/num/10/dst/5. This is done so that the site is generally indexed by search engines.

Let's try:

site:www.whitehouse.gov whitehouse

Google thinks that every page on a website contains the word whitehouse. This is what we use to get all the pages.
There is also a simplified version:

site:whitehouse.gov

And the best part is that the comrades from whitehouse.gov didn’t even know that we looked at the structure of their site and even looked at the cached pages that Google downloaded. This can be used to study the structure of sites and view content, remaining undetected for the time being.

View a list of files in directories

WEB servers can show lists of server directories instead of regular HTML pages. This is usually done to ensure that users select and download specific files. However, in many cases, administrators have no intention of showing the contents of a directory. This occurs due to incorrect server configuration or lack of home page in the directory. As a result, the hacker has a chance to find something interesting in the directory and use it for his own purposes. To find all such pages, it is enough to note that they all contain the words: index of. But since the words index of contain not only such pages, we need to refine the query and take into account the keywords on the page itself, so queries like:

intitle:index.of parent directory
intitle:index.of name size

Since most directory listings are intentional, you may have a hard time finding misplaced listings the first time. But on at least, you can already use listings to determine WEB versions server as described below.

Obtaining the WEB server version.

Knowing the WEB server version is always useful before launching any hacker attack. Again, thanks to Google, you can get this information without connecting to a server. If you look closely at the directory listing, you can see that the name of the WEB server and its version are displayed there.

Apache1.3.29 - ProXad Server at trf296.free.fr Port 80

An experienced administrator can change this information, but, as a rule, it is true. Thus, to obtain this information it is enough to send a request:

intitle:index.of server.at

To get information for a specific server, we clarify the request:

intitle:index.of server.at site:ibm.com

Or vice versa, we are looking for servers running on specific version servers:

intitle:index.of Apache/2.0.40 Server at

This technique can be used by a hacker to find a victim. If, for example, he has an exploit for a certain version of the WEB server, then he can find it and try the existing exploit.

You can also get the server version by viewing the pages that are installed by default when installing the latest version of the WEB server. For example, to see test page Apache 1.2.6 just type

intitle:Test.Page.for.Apache it.worked!

Moreover, some operating systems immediately install and launch the WEB server during installation. However, some users are not even aware of this. Naturally, if you see that someone has not removed the default page, then it is logical to assume that the computer has not undergone any customization at all and is likely vulnerable to attack.

Try searching for IIS 5.0 pages

allintitle:Welcome to Windows 2000 Internet Services

In the case of IIS, you can determine not only the server version, but also the Windows version and Service Pack.

Another way to determine the WEB server version is to search for manuals (help pages) and examples that may be installed on the site by default. Hackers have found quite a few ways to use these components to gain privileged access to a site. That is why you need to remove these components on the production site. Not to mention the fact that the presence of these components can be used to obtain information about the type of server and its version. For example, let's find the apache manual:

inurl:manual apache directives modules

Using Google as a CGI scanner.

CGI scanner or WEB scanner is a utility for searching for vulnerable scripts and programs on the victim’s server. These utilities must know what to look for, for this they have a whole list of vulnerable files, for example:

/cgi-bin/cgiemail/uargg.txt
/random_banner/index.cgi
/random_banner/index.cgi
/cgi-bin/mailview.cgi
/cgi-bin/maillist.cgi
/cgi-bin/userreg.cgi

/iissamples/ISSamples/SQLQHit.asp
/SiteServer/admin/findvserver.asp
/scripts/cphost.dll
/cgi-bin/finger.cgi

We can find each of these files with using Google, using additionally with the file name in the search line the words index of or inurl: we can find sites with vulnerable scripts, for example:

allinurl:/random_banner/index.cgi

Using additional knowledge, a hacker can exploit a script's vulnerability and use this vulnerability to force the script to emit any file stored on the server. For example, a password file.

How to protect yourself from Google hacking.

1. Do not post important data on the WEB server.

Even if you posted the data temporarily, you may forget about it or someone will have time to find and take this data before you erase it. Don't do that. There are many other ways to transfer data that protect it from theft.

2. Check your site.

Use the methods described to research your site. Check your site periodically for new methods that appear on the site http://johnny.ihackstuff.com. Remember that if you want to automate your actions, you need to get special permission from Google. If you read carefully http://www.google.com/terms_of_service.html, then you will see the phrase: You may not send automated queries of any sort to Google's system without express permission in advance from Google.

3. You may not need Google to index your site or part of it.

Google allows you to remove a link to your site or part of it from its database, as well as remove pages from the cache. In addition, you can prohibit the search for images on your site, prohibit short fragments of pages from being shown in search results. All possibilities for deleting a site are described on the page http://www.google.com/remove.html. To do this, you must confirm that you are really the owner of this site or insert tags into the page or

4. Use robots.txt

It is known that search engines look at the robots.txt file located at the root of the site and do not index those parts that are marked with the word Disallow. You can use this to prevent part of the site from being indexed. For example, to prevent the entire site from being indexed, create a robots.txt file containing two lines:

User-agent: *
Disallow: /

What else happens

So that life doesn’t seem like honey to you, I’ll say finally that there are sites that monitor those people who, using the methods outlined above, look for holes in scripts and WEB servers. An example of such a page is

Application.

A little sweet. Try some of the following for yourself:

1. #mysql dump filetype:sql - search for database dumps mySQL data
2. Host Vulnerability Summary Report - will show you what vulnerabilities other people have found
3. phpMyAdmin running on inurl:main.php - this will force control to be closed through the phpmyadmin panel
4. not for distribution confidential
5. Request Details Control Tree Server Variables
6. Running in Child mode
7. This report was generated by WebLog
8. intitle:index.of cgiirc.config
9. filetype:conf inurl:firewall -intitle:cvs – maybe someone needs firewall configuration files? :)
10. intitle:index.of finances.xls – hmm....
11. intitle:Index of dbconvert.exe chats – icq chat logs
12.intext:Tobias Oetiker traffic analysis
13. intitle:Usage Statistics for Generated by Webalizer
14. intitle:statistics of advanced web statistics
15. intitle:index.of ws_ftp.ini – ws ftp config
16. inurl:ipsec.secrets holds shared secrets - secret key - good find
17. inurl:main.php Welcome to phpMyAdmin
18. inurl:server-info Apache Server Information
19. site:edu admin grades
20. ORA-00921: unexpected end of SQL command – getting paths
21. intitle:index.of trillian.ini
22. intitle:Index of pwd.db
23.intitle:index.of people.lst
24. intitle:index.of master.passwd
25.inurl:passlist.txt
26. intitle:Index of .mysql_history
27. intitle:index of intext:globals.inc
28. intitle:index.of administrators.pwd
29. intitle:Index.of etc shadow
30.intitle:index.ofsecring.pgp
31. inurl:config.php dbuname dbpass
32. inurl:perform filetype:ini

"Hacking mit Google"

Training center "Informzashchita" http://www.itsecurity.ru - a leading specialized center in the field of training information security(License of the Moscow Committee of Education No. 015470, State accreditation No. 004251). The only authorized training center for Internet Security Systems and Clearswift in Russia and the CIS countries. Microsoft authorized training center (Security specialization). The training programs are coordinated with the State Technical Commission of Russia, the FSB (FAPSI). Certificates of training and state documents on advanced training.

SoftKey is a unique service for buyers, developers, dealers and affiliate partners. In addition, this is one of the best online software stores in Russia, Ukraine, Kazakhstan, which offers customers a wide range of products, many payment methods, prompt (often instant) order processing, tracking the order process in the personal section, various discounts from the store and manufacturers BY.

A query language is a man-made programming language used to make queries in databases and information systems.

In general, such query methods can be classified depending on whether they are used for a database or for information retrieval. The difference is that requests to such services are made to obtain factual answers to the questions posed, while the search engine tries to find documents containing information related to the user's area of ​​interest.

Database

Database query languages ​​include the following examples:

• QL - object-oriented, refers to the successor of Datalog.
• Contextual Query Language (CQL) is a formal query representation language for information retrieval systems (such as web indexes or bibliographic catalogues).
• CQLF (CODYASYL) - for CODASYL-TYPE databases.
• Concept Oriented Query Language (COQL) - used in related models (com). It is based on construpt data modeling principles and uses operations such as projection and de-projection of multivariate analysis, analytical operations and inference.
• DMX - used for models
• Datalog is a deductive database query language.
• Gellish English is a language that can be used to query Gellish English databases and allows for dialogue (queries and responses) and also serves for knowledge information modeling.
• HTSQL - translates http requests to SQL.
• ISBL - used for PRTV (one of the first relational database management systems).
• LDAP is a query and directory services protocol that runs over TCP/IP.
• MDX - required for OLAP databases.

Search engines

The search query language, in turn, is aimed at finding data in search engines. It differs in that queries often contain plain text or hypertext with additional syntax (such as “and”/“or”). It differs significantly from standard similar languages, which are governed by strict command syntax rules or contain positional parameters.

How are search queries classified?

There are three broad categories that cover most search queries: informational, navigational, and transactional. Although this classification has not been theoretically established, it has been empirically confirmed by the presence of actual queries in search engines.

Information queries are those that cover broad topics (such as a specific city or truck model) that can return thousands of relevant results.

Navigational queries are queries that search for a single site or web page on a specific topic (for example, YouTube).

Transactional - reflect the user's intention to perform a certain action, for example, purchase a car or book a ticket.

Search engines often support a fourth type of query, which is much less commonly used. These are so-called connection requests, containing a report on the connectivity of the indexed web graph (the number of links to a particular URL, or how many pages are indexed from a particular domain).

How is information searched?

Interesting characteristics regarding web search have become known:

The average search query length was 2.4 words.

• About half of users made one request, and just under a third of users made three or more unique requests back to back.
• Almost half of users only viewed the first one or two pages of results.
• Less than 5% of users use advanced search capabilities (for example, selecting specific categories or searching in search).

Features of custom actions

The study also found that 19% of queries contained a geographic term (e.g., names, zip codes, geographic features, etc.). It is also worth noting that in addition to short queries (that is, with several terms), there were often predictable patterns in which users changed their search phrases.

It was also found that 33% of requests from the same user are repeated, and in 87% of cases the user will click on the same result. This suggests that many users use repeat queries to revise or re-find information.

Frequency distributions of requests

In addition, experts confirmed that the frequency distributions of queries correspond to a power law. That is, a small part of the keywords are observed in the largest list of queries (for example, more than 100 million), and they are the most frequently used. The remaining phrases within the same topics are used less frequently and more individually. This phenomenon is called the Pareto principle (or the “80-20 rule”), and it has allowed search engines to use optimization techniques such as indexing or database partitioning, caching and preloading, and has also made it possible to improve the search engine's query language.

IN last years It was found that the average length of queries has been steadily increasing over time. Thus, the average query in English has become longer. To this end, Google introduced an update called "Hummingbird" (in August 2013), which is capable of processing long search phrases with non-protocol, "colloquial" query language (like "where's the nearest coffee shop?").

For longer requests, their processing is used - they are divided into phrases formulated in standard language, and responses to different parts are displayed separately.

Structured queries

Search engines that support both syntax use more advanced query languages. A user searching for documents covering multiple topics or facets can describe each of them by the logical characteristic of the word. At its core, a logical query language is a collection of certain phrases and punctuation marks.

What is advanced search?

The query language of Yandex and Google is capable of performing a more narrowly targeted search if certain conditions are met. Advanced search can search by part of the page title or title prefix, as well as specific categories and lists of names. It can also limit searches to pages that contain certain words in the title or are in certain topic groups. When used correctly, the query language can process parameters that are orders of magnitude more complex than the superficial results of most search engines, including user-specified words with variable endings and similar spellings. When you present advanced search results, a link to the relevant sections of the page will be displayed.

It is also possible to search for all pages containing a specific phrase, while with a standard query search engines cannot stop at any discussion page. In many cases, the query language can lead to any page located in the noindex tags.

In some cases, a correctly formed query allows you to find information containing a number of special characters and letters of other alphabets ( Chinese characters For example).

How are query language characters read?

Upper and lower case, as well as some (umlauts and accents) are not taken into account in the search. For example, a search for the keyword Citroen will not find pages containing the word "Citroen". But some ligatures correspond to individual letters. For example, a search for "aeroskobing" will easily find pages containing "Ereskobing" (AE = Æ).

Many non-alphanumeric characters are constantly ignored. For example, it is impossible to find information for a query containing the string |L| (a letter between two vertical bars), although this character is used in some conversion patterns. The results will only contain data from “LT”. Some characters and phrases are treated differently: a query for "credit (Finance)" will return entries with the words "credit" and "finance", ignoring the parentheses, even if there is an entry with the exact title "credit (Finance)".

There are many functions that can be used using a query language.

Syntax

The query language of Yandex and Google may use some punctuation marks to refine the search. An example is the curly braces - ((search)). The phrase contained in them will be searched in its entirety, without changes.

The phrase in allows you to determine the search object. For example, a word in quotation marks will be recognized as being used in a figurative sense or as a fictional character, without quotation marks - as information of a more documentary nature.

Additionally, all major search engines support the "-" symbol for logical "not" and also and/or. The exception is terms that cannot be prefixed with a hyphen or dash.

Inexact search phrase matches are marked with ~. For example, if you don't remember the exact wording of a term or name, you can enter it in the search bar with the specified symbol and you will be able to get results that are as similar as possible.

Custom Search Options

There are also search parameters such as intitle and incategory. They are filters displayed separated by a colon, in the form "filter: query string". The query string can contain the term or phrase you are searching for, or part or the entire page title.

The “intitle: query” feature gives priority in search results based on the title, but also shows organic results based on the content of the title. Several of these filters can be used simultaneously. How to use this opportunity?

A query like “intitle: airport name” will return all articles containing the name of the airport in the title. If you formulate it as “parking intitle: airport name,” then you will get articles with the name of the airport in the title and mentioning parking in the text.

Search using the “incategory: Category” filter works on the principle of initially displaying articles belonging to a specific group or list of pages. For example, a search query like “Temples incategory: History” will return results on the topic of temple history. This function can also be used as an advanced function by specifying various parameters.

Additional commands to the Google search engine allow you to achieve much better results. With their help, you can limit the scope of your search, and also indicate to the search engine that you do not need to view all pages.

Operator "Plus" (+):
For a situation where you need to force some mandatory word into the text. To do this, use the “+” operator before the required word. Suppose, if we have a request for Terminator 2, as a result of the request we will have information about the film Terminator, Terminator 2, Terminator 3. To leave only information about the film Terminator 2, we put a “plus sign” in front of the two: just a little about “Home Alone” I". If we have a request like Terminator +2.

For example:
Magazine +Murzilka
+Bernoulli equation

Site operator:

For example:
Music site:www.site
Books site:ru

Link operator:

For example:
link:www.site
Friends link:www.site

Range operator (..):
For those who have to work with numbers, Google has made it possible to search for ranges between numbers. In order to find all pages containing numbers in a certain range “from - to”, you need to put two dots (..) between these extreme values, that is, the range operator.

For example:
Buy a book $100..$150

Excluding words from the query. Logical NOT (-):
To exclude any words, the minus (-) exclusion operators are used. That is, a logical “NOT”. Useful in cases where direct search results are too cluttered

For example:
Aquarium group - we are looking for everything about the aquarium excluding the "Aquarium" group

Search for exact phrase (""):
Useful for searching for a specific text (an entire article based on a quote). To do this, you need to enclose the query in quotes (double quotes).

For example:
“And the dungeon is cramped, and there is only one freedom And we always trust in it” - we are looking for Vysotsky’s ballad one line at a time

Note: Google allows you to enter a maximum of 32 words per search string.

Word truncation (*):
Sometimes you need to look for information about a word combination in which one or more words are unknown. For these purposes, the “*” operator is used instead of unknown words. Those. “*” is any word or group of words.

For example:
Master and *
Leonardo * Vinci

cache operator:
The search engine stores the version of the text that is indexed by the search spider in a special storage format called a cache. A cached version of a page can be retrieved if the original page is unavailable (for example, the server on which it is stored is down). A cached page is shown as it is stored in the search engine's database and is accompanied by a notice at the top of the page indicating that it is a cached page. It also contains information about the time the cached version was created. On the page from the cache, the query keywords are highlighted, and each word is highlighted in a different color for user convenience. You can create a request that will immediately return a cached version of a page with a specific address: cache:page_address, where instead of “page_address” is the address of the page saved in the cache. If you need to find any information in a cached page, you need to write a request for this information separated by a space after the page address.

For example:
cache:www.site
cache:www.site tournaments

We must remember that there should not be a space between “:” and the page address!

filetype operator:
As you know, Google indexes not only html pages. If, for example, you needed to find some information in a file type other than html, you can use the filetype operator, which allows you to search for information in a specific file type (html, pdf, doc, rtf...).

For example:
Specification html filetype:pdf
Essays filetype:rtf

Operator info:
The info operator allows you to see the information that Google knows about this page.

For example:
info:www.site
info:www.site

Site operator:
This operator limits the search to a specific domain or site. That is, if you make a request: marketing intelligence site:www.site, then the results will be obtained from pages containing the words “marketing” and “intelligence” on the site “www..

For example:
Music site:www.site
Books site:ru

Link operator:
This operator allows you to see all the pages that link to the page for which the request was made. Thus, the request link:www.google.com will return pages that contain links to google.com.

For example:
link:www.site
Friends link:www.site

allintitle operator:
If you start a query with the allintitle operator, which translates as “everything is in the title,” then Google will return texts in which all the words of the query are contained in the titles (inside the TITLE tag in HTML).

For example:
allintitle:Free software
allintitle:Download music albums

intitle operator:
Shows pages where only the word immediately following the intitle statement is in the title, and all other query words can appear anywhere in the text. Putting the intitle operator before each word of the query is equivalent to using the allintitle operator.

For example:
Programs intitle:Download
intitle:Free intitle:download software

allinurl operator:
If the query begins with the allinurl operator, then the search is limited to those documents in which all the query words are contained only in the page address, that is, in the url.

For example:
allinurl:rus games
allinurl:books fantasy

inurl operator:
The word that is located directly together with the inurl operator will be found only in the address of the Internet page, and the remaining words will be found anywhere in such a page.

For example:
inurl:books download
inurl:games crack

Operator related:
This operator describes pages that are "similar" to some specific page. Thus, the query related:www.google.com will return pages with similar topics to Google.

For example:
related:www.site
related:www.site

The define statement:
This operator acts as a kind of explanatory dictionary, allowing you to quickly get a definition of the word that is entered after the operator.

For example:
define:Kangaroo
define:Motherboard

Synonym search operator (~):
If you want to find texts containing not only your keywords, but also their synonyms, then you can use the “~” operator before the word for which you want to find synonyms.

For example:
Types of ~metamorphoses
~Object orientation

Range operator (..):
For those who have to work with numbers, Google has made it possible to search for ranges between numbers. In order to find all pages containing numbers in a certain range “from - to”, you need to put two dots (..) between these extreme values, that is, the range operator.

For example:
Buy a book $100..$150
Population 1913..1935

We dealt with the Windows operating system last time.

In this note, we will look at the folder structure in the user profile. This will allow us to understand the ideology of working with data, which is inherent in the Windows operating system by default.

Let me remind you that the profiles are located in the folder Users Windows 7 (in English version Windows folder called Users) and in the folder Documents and Settings Windows XP.

When you go to the folder Users (Users) or Documents and Settings, then, probably, in addition to folders with names created on the user account computer, you will find a folder Are common. It contains settings that are the same for all computer users, as well as shared folders and files. In my opinion, rarely anyone uses shared access to folders and files, so folder Are common It is practically of no interest to us.

After you create a user account on your computer, the profile folder is not yet created. It will appear later when you log into your computer using the newly created account. In this case, the name of the profile folder will always correspond to the name account, but there is one here important point— your account name you always you can change through the Control Panel, but at the same time the name of your profile folder will remain unchanged!

The set of folders inside the profile folder is the same for all users. It is created by default the first time you log into your computer under a new account.

In the Windows operating system, there is a special user profile template. It is the one that is used by default when creating new accounts. But where is this template located?

It turns out that it is located in the same folder, but it is hidden from prying eyes.

To see the folder with the template, you need to enable the display of hidden and system files in Windows Explorer. This is done as follows - in Folder and search options Explorer program, must be on the tab View uncheck the boxes and Show hidden files and folders.

Hidden and system folders are now displayed in Explorer. Hidden folder icons have a slightly “foggy” appearance:

You can see that several new folders have appeared. In my case these are the folders " All Users», « Default», « Default User" And " All users" Without going into details, I will say that the folders " Default User" And " All users"are not folders in the usual sense of the word. These are unique shortcuts (links) that are created automatically by the operating system and are intended for program compatibility and different versions operating system Windows. In Windows 7, the same can be said about the “ Documents and Settings", which is located in the root of the C: drive and is also hidden.

So, a new profile is created in the system based on the parameters and settings located in the “ Default" And " All Users" It is these folders that determine the default settings for new profiles, as well as the same settings for all users of the computer.

Now let's go to any user's folder. Do you see that some folders have an arrow on their icon?

This icon indicates that this folder is a shortcut. Such shortcuts are also used for operating system compatibility with programs.

Let's check the box again Hide protected system files V Folder and search options Explorer programs. Now Explorer will display only the folders that interest us.

First, I propose to deal with folders that relate more to the information that we store on the computer rather than to the settings of our account. So, in the screenshot below you can see how the user profile folders are connected to the elements of the Explorer window.

All personal information the user can store it in his library folders and this data will be accessible only to him. Other users will not have access to this information. As you now understand, the Explorer program displays your profile folders, and, accordingly, the information that you place in Libraries, for example, in the folder " Video" or " Images» will actually be stored in your profile at C:\Users\Username\My Videos or C:\Users\Username\Images.

The same goes for other elements, such as the folder " Downloads" or (folder " Search»).

By the way, please note that all the information (files and folders) that you store on your Desktop is located in the “ Desktop" You can easily verify this by looking in this folder. If you delete a file from it, it will disappear from the Desktop, and vice versa - the information copied into it will immediately appear on the Desktop.

So, we looked at the user profile folders that we deal with almost every day when working on a computer. There is one more very important folder left, which is hidden by default - “ AppData" This folder contains the main user settings Windows interface and programs installed on the computer. I’ll tell you about it in more detail in

The Facebook interface is strange and in some places completely illogical. But it just so happens that almost everyone I talk to ended up there, so I have to endure it.

Much about Facebook is not obvious. I tried to collect in this post what I did not find right away, and many probably have not found until now.

Ribbon

By default, Facebook generates a feed of popular posts. At the same time, on different computers it can be completely different. To force Facebook to generate a “regular” timeline, click the checkbox to the right of the word “News Feed” and select “Latest” there.

Unfortunately, in mobile application for Android, the feed is formed only by popularity.

Cleaning the tape

On Facebook, I always add as friends everyone who asks, but I don’t want to read any nonsense in my feed at all. In order to remove unnecessary publications from your feed, there is no need to remove anyone from your friends list, just disable the subscription. As soon as you see something unnecessary in your feed, click the checkbox on the right and select “Unsubscribe to...”. After this, this user's posts will never appear in your feed again.

Notifications

When you leave any comment on any post or photo, Facebook will start notifying you of any new comments. To refuse this, you need to turn off notifications. For different objects this is done in different places. With the status, everything is simple - click the checkbox to the right of the status and select “Do not receive notifications”.

Unfortunately, you cannot unsubscribe from comments in the Android mobile app.

Search by messages

Facebook has a search for personal messages, but few people know where it is hidden. Click on the messages button, then click "show all" at the bottom of the window that opens.

The message interface will open, with a second search bar appearing at the top.

There you can search for any words in all personal messages written during your entire use of Facebook.

Fighting Messenger

Facebook requires that mobile devices there was a separate application for messaging - Facebook Messenger. Many people really don't like him. For now, there is a way to continue messaging on Facebook itself. When Facebook once again refuses to show messages, requiring you to install Messenger, go to the application manager (in Android - System Settings - Applications), find Facebook there and click the "Erase data" button. After this, launch Facebook and re-enter your username and password. After this, messages will work for some time, although Facebook will periodically display a window asking you to install Messenger.

Action log

It's often very difficult to find something on Facebook. The following diagram helps a little. If you see something that might be useful later, give it a like. In the future, this like will be used to find a publication in the activity log. To open the log, click the small checkmark in the upper right corner of the interface and select “Action Log” in the menu that opens.

Inserting a publication

Every post on Facebook has an "Insert Post" link. It produces a code that can be inserted into any site where you can insert html (including LiveJournal). Unfortunately, the ability to embed videos seems to have been closed. It worked a week ago, but now on any view it says “This Facebook post is no longer available. It may have been deleted or its privacy settings have been changed.”

Disable video autoplay

By default, Facebook automatically plays all videos in your feed without sound. On mobile devices this can be a problem as it consumes a lot of bandwidth.

In the browser, video autoplay is disabled as follows: click the checkmark in the upper right corner, there are settings, then video.

In Android - click the three bars on the right in the icon line, there "Application Settings" - "Autoplay video" - set "Off." or "Wi-fi only". In the latter case, videos will autoplay only when connected via Wi-Fi.

Go to publication

In order to go from the feed to a specific publication, just click on the publication date, and a link to the publication can be obtained by simply right-clicking on the date and selecting “Copy link” there. Thanks for this advice samon , zz_z_z , borhomey .

Surely, the mysterious Facebook still has many secrets that I haven’t gotten to yet.

If you know about other Facebook secrets, write in the comments, I’ll add them to the post.

Saved