Monday, August 29, 2016

Are Hackers looking at your Web Backups?

I read a great blog post on Mazin Ahmed's Blog about Backup File Artifacts on the web. It's a great article on how developers, sysadmins, etc. have to be CAREFUL they aren't leaving backup files/artifacts out on the internet, freely accessible to the bad guys. For example ...
a.) Leaving a web.configBACKUP.txt file sitting in the root folder. Suddenly your connection strings are accessible on the internet!!!
b.) Leaving an index.php.bak file out in the web folder. Suddenly your server-side PHP code could be accessible to the attacker!!!
c.) Leaving a db.mdb.bak out in the web folder. Suddenly a copy of your database is accessible!!!


The bad news is, I've seen developers do this both on purpose and by accident. It might even get checked into their source control and then auto-deployed out! I've also seen SysAdmins do this, for example when they're doing a website update or perhaps troubleshooting a Production issue. It's CRITICAL that as developers and sysadmins you clean up and remove your backup file artifacts from production.

The bad guys can use this to grab passwords, data, code, and much more that could allow them to get just enough information to break into your system.

The even worse news? I see bad guys running generic random queries across the entire internet searching for these .bak, .backup, etc. files, so if you have one out there already, they may have already found it and utilized it against you. So take the time to clean your production server now, and remember to put a process in place so those files never get out there again!
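One way to put that process in place is a pre-deploy check that walks the web root and fails the build when backup artifacts are present. This is an added example, not code from the original post or from Mazin Ahmed's article; the suffix list beyond .bak and .backup, the function names, and the sample directory layout are assumptions, and the sample files are constructed from the names used above.

```python
import os
import re
import tempfile

# .bak and .backup come from the post; the other suffixes are assumed
# common editor/admin leftovers and should be tuned to your environment.
BACKUP_SUFFIXES = (".bak", ".backup", ".old", ".orig", ".save", ".swp", "~")
# Catches names like web.configBACKUP.txt, where "backup" sits before the extension.
BACKUP_WORD = re.compile(r"backup", re.IGNORECASE)


def find_backup_artifacts(web_root):
    """Return sorted relative paths under web_root that look like backup artifacts."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(web_root):
        for name in filenames:
            if name.lower().endswith(BACKUP_SUFFIXES) or BACKUP_WORD.search(name):
                rel = os.path.relpath(os.path.join(dirpath, name), web_root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_root(root):
    """Create a constructed sample web root using the file names from the post."""
    files = ["index.php", "index.php.bak", "web.config",
             "web.configBACKUP.txt", "data/db.mdb.bak", "css/site.css"]
    for rel in files:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


def main():
    with tempfile.TemporaryDirectory() as root:
        build_sample_root(root)
        found = find_backup_artifacts(root)
        for rel in found:
            print("backup artifact in web root:", rel)
        # A non-zero exit lets a deploy pipeline stop before these files ship.
        return 1 if found else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

In a real pipeline, point `find_backup_artifacts` at the build output directory instead of the constructed sample, and run the same check on the production web root to catch files left behind during troubleshooting.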


Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.
