Is Google Apps Domain Verification Asking For Trouble?

Feb 26, 2007 - 7:51 am 2 by
Filed Under Misc Google

There was a lot of buzz last week with the launch of Google Apps Premier Edition and with that comes potential harm. Yes, Google Desktop has recently been reported to have two serious malicious holes, both, I believe, now patched. But what about Google Apps?

With any hack, one of the first steps is to locate vulnerable sites or computers. Google Apps requires sites to verify domain ownership within the first 30 days. They can do this one of two ways:

  • Create a CNAME record
  • Upload an HTML file to your server

A Cre8asite Forums thread shows how easy it is to use Google to search for sites that are potentially running Google Apps for Domains on their site. A search on inurl:googlehostedservice.html currently returns just about 700 sites. Now, I am sure many opt for the CNAME method, and I think that those can be easily discovered, but now with a simple Google search.

The thread asks, is Google asking for trouble with this? Why not make a dynamically generated file that has no pattern, that can be uploaded to your server. Instead of a standard file named googlehostedservice.html?

Forum discussion at Cre8asite Forums.

 

Popular Categories

The Pulse of the search community

Search Video Recaps

 
Video Details More Videos Subscribe to Videos

Most Recent Articles

Search Forum Recap

Daily Search Forum Recap: June 30, 2025

Jun 30, 2025 - 10:00 am
Google Search Engine Optimization

Google Supports Fewer Structured Data, Not More Like Promised

Jun 30, 2025 - 7:51 am
Bing Ads

Microsoft Removed Over One Billion Ads & 475,000 Advertiser Accounts

Jun 30, 2025 - 7:41 am
Google

Google Tests AI Mode In Chrome Search Bar (Desktop & Android)

Jun 30, 2025 - 7:31 am
Google

PSA: Fan Out Queries Are Not In Google Search Console

Jun 30, 2025 - 7:21 am
Google Ads

New Google Ads Broad Match Experiments Testing

Jun 30, 2025 - 7:11 am
Previous Story: Design Update For Search Engine Roundtable