11:59 Svn six months later | |
In continuation of the work that half a year ago did the company 2Tovarischa and Anton Isaikin, we (aldonin and dasm32) decided to scan one million most popular sites and Web-modern, from google.com, and ending with wordpress.com. We have used Perl to write a scanner. Its first version did not use the rich features for creating and using threads. But when for 3 days as a result has been scanned only 25% of the sites - pity 250000, immediately raised the issue of increasing productivity:) After a bit, but the invaluable assistance of colleagues with perlmonks.org threading was quite involved, and all per day was tested the rest of our existing base. The results certainly surprised us. It has been found near the 4500(more precisely - 0.43%) sites with the above "vulnerability." The percentage was even higher than 2Tovarischey and Anton Isaikina. Among them were many large and popular portals and services, the names and addresses of which we will not publish, by following the principle of authors who have found this aspect of the negligence of many webmasters and administrators. Also during the scan on our server were sent only one angry letter from a German site, which, incidentally, was written that we "load" their web server:)). One pathetic request. Oh well. Despite the fact that in our time access to global computer network is already present in nearly every home, News and IT community have long been internationalized, our foreign colleagues seem to have not learned the dangers that could allow even a simple user get their hands on the holy of holies - working mechanisms of foreign web projects, large and small. We were surprised by the order of a disorder, which was characterized by even an experienced and battle-hardened "to the creators of web services. Understandably, such as for most Russian employees of the IT industry reading information in a foreign language - not such a problem, especially if there are many computerized dictionaries, but even not all of them were ready for this kind of "verification" - when scanning was found about 80 large projects in the area. ru open "doors" to get the source code. Stats The most popular area with open curious gaze SVN-s, as expected, will be the zone. Com, numbering a good half of vulnerable sites. Distribution of sites by geographic domain zones can be seen in this digramme. The same analysis was conducted by rating PR (PageRank - reference ranging from the notorious Google). And as it turned out later, according to McAfee SiteAdvisor, from 4,373 sites around 43h were detected malicious scripts. Few of the most "vulnerable" Using a specially compiled query in the browser, we can get the original list of project files, as well as their owners, and the last modification time, as well as themselves and the source code of your pages. Although it is not always out:) How can use the information received, the attacker - is known only to him. Maybe he just takes the user list and begin to pick up the password for the administrator's part of your site with logins, which could be used by you more than once. Maybe he will take advantage of access to source code to get the files from the config type config.inc.php, which are so fond of storing data to connect to the database server, many popular content management system, or simply download the entire site and calmly look for vulnerabilities in it already your computer without disturbing your server suspicious requests. Or maybe he will use the source, and will put in an analog network of your service ... But you never know what else you can think of ways to use such "goodies"? How do we guard against this? Shall not engage in blatant copy-pastingom, but only send the troubled reader a link to the post of the pioneers. In the lower part are necessary recommendations for protection. To you this is not true? If you are not using SVN on its Web site - if indeed "yes". Otherwise, try to follow a link vash-site.ru/.svn/entries and check for "light" if your entries-file around the world. In the end I would like to say that we did not set a goal to "download the source sites, so no source code has been received by us, just as they were saved entries-files. Now we are gradually draw the attention of the owners of sites crawled on their mistake. On the grounds that the information has just begun, we, alas, will not show you examples of vulnerable sites. But if the owners will respond consent - if you wish references to be provided. Regards, aldonin and dasm32. | |
|
Total comments: 0 | |