Date: 10 months ago   Category: Hi-Tech

About 390 thousand websites left .git directories with code exposed


Czech security researcher Vladimír Smitka scanned about 320 million domains and found that on 390 thousand websites the ".git" directory, left publicly exposed through oversight without any access restriction, can be downloaded. Such directories can contain sensitive information that in some cases poses a security risk. For example, the .git directory holds the source code of all of the website's server-side handlers (an attacker can use it to search for vulnerabilities), and in some cases passwords and access keys for DBMSs, APIs and cloud services may be left there.

Scanning all the domains took about 4 weeks, after which the researcher tried to warn the owners of the websites found to be serving the ".git" directory by organizing an e-mail campaign. The e-mail addresses were taken from the file /.git/logs/HEAD. Of the 390 thousand websites, an e-mail address could be determined for 290 thousand, of which 90 thousand addresses were unique. After the warnings were sent, 18 thousand addresses turned out to be no longer valid. In response to the mailing, nearly 2000 letters of thanks were received, along with 30 reports of false positives, two letters from spammers and one threat to file a complaint with the police.

Examination of the contents of the ".git" directories showed that 96% of the websites (186205 of a sample of 194000) contain PHP code, with about 1% each for Node.js (2394), Java (1742), Ruby (1199) and Python (1499). Perl code was found in 504 cases. 42 thousand websites run Ubuntu, 12906 Debian, 9350 CentOS, 3204 Windows Server, 378 RHEL, 216 FreeBSD, 170 Fedora, 152 Gentoo and 50 SUSE. Among content management systems, WordPress leads with 41139 websites, followed by Drupal (2256), Joomla (1615), Typo3 (1258) and Bitrix (330).

Based on materials from: www.opennet.ru
