Date: 8 months ago   Category: Hi-Tech

About 390 thousand websites left .git directories with code publicly accessible


Czech security researcher Vladimír Smitka scanned about 320 million domains and found that on 390 thousand websites the ".git" directory, exposed to the public by oversight and without access restrictions, is available for download. Such directories can contain confidential information that in some cases threatens security. For example, the .git directory holds the source code of all of the website's server-side handlers (attackers can use it to search for vulnerabilities), and in some cases passwords and access keys for DBMS, APIs and cloud services can be left there.

Scanning all of the domains took about 4 weeks, after which the researcher tried to warn the owners of the websites on which the ".git" directory was found to be served, by organizing an email mailing. The email addresses were taken from the file /.git/logs/HEAD. Of the 390 thousand websites, an email address could be determined for 290 thousand, of which 90 thousand addresses were unique. After the warnings were sent, 18 thousand addresses turned out to be no longer active. In response to the mailing, nearly 2000 letters of thanks, 30 reports of false positives, two letters from spammers and one threat to complain to the police were received.
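A local audit for the two leaks described above (credentials left in the repository and committer addresses in .git/logs/HEAD), as an added example that is not from the article or the researcher. It walks a document root you administer; the `audit_webroot` helper, the sample tree and the example.test names are constructed for illustration.

```python
import os
import re
import tempfile

# Reflog line: <old-id> <new-id> <name> <email> <unix-time> <tz>\t<message>
REFLOG_RE = re.compile(r"^[0-9a-f]{40,64} [0-9a-f]{40,64} .*<([^<>]*)> \d+ [+-]\d{4}\t")
# Remote URL with inline credentials, e.g. https://user:secret@host/repo.git
CRED_URL_RE = re.compile(r"^\s*url\s*=\s*\w+://[^/\s:@]+:[^/\s@]+@", re.M)

def read_text(path):
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:  # missing or unreadable file: treat as empty
        return ""

def audit_webroot(webroot):
    """Return one finding per .git directory located under webroot."""
    findings = []
    for dirpath, dirnames, _ in os.walk(webroot):
        if ".git" not in dirnames:
            continue
        dirnames.remove(".git")  # report the repository, do not walk into it
        git_dir = os.path.join(dirpath, ".git")
        reflog = read_text(os.path.join(git_dir, "logs", "HEAD"))
        emails = {m.group(1) for m in map(REFLOG_RE.match, reflog.splitlines(True)) if m}
        config = read_text(os.path.join(git_dir, "config"))
        findings.append({
            "path": os.path.relpath(git_dir, webroot),
            "committer_emails": sorted(emails),  # what a stranger could harvest
            "credentials_in_config": bool(CRED_URL_RE.search(config)),
        })
    return sorted(findings, key=lambda f: f["path"])

def build_sample(root):
    """Constructed document root: 'shop' has a stray .git, 'blog' is clean."""
    git_dir = os.path.join(root, "shop", ".git")
    os.makedirs(os.path.join(git_dir, "logs"))
    os.makedirs(os.path.join(root, "blog", "assets"))
    with open(os.path.join(git_dir, "logs", "HEAD"), "w") as fh:
        fh.write("0" * 40 + " " + "a" * 40 + " Dev One <dev@example.test> 1536000000 +0200\tclone: from origin\n")
        fh.write("a" * 40 + " " + "b" * 40 + " Dev One <dev@example.test> 1536000100 +0200\tcommit: fix\n")
    with open(os.path.join(git_dir, "config"), "w") as fh:
        fh.write('[remote "origin"]\n\turl = https://deploy:PLACEHOLDER@git.example.test/shop.git\n')

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit_webroot(root)
```

Any finding means the directory should be moved out of the document root or blocked at the web server, and any credential flagged in the config should be rotated.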

A study of the contents of the ".git" directories showed that 96% of the websites (186205 out of a sample of 194000) contain code in PHP, with 1% each for Node.js (2394), Java (1742), Ruby (1199) and Python (1499). Perl code was found in 504 cases. 42 thousand websites run Ubuntu, 12906 Debian, 9350 CentOS, 3204 Windows Server, 378 RHEL, 216 FreeBSD, 170 Fedora, 152 Gentoo and 50 SUSE. Among content management systems, WordPress leads with 41139 websites, followed by Drupal (2256), Joomla (1615), Typo3 (1258) and Bitrix (330). Source: www.opennet.ru
