Meow: an attack that destroys data in unprotected Elasticsearch and MongoDB databases

The Meow attack continues to grow. For several days now, various reports have described an attack by unknown actors that destroys data in unprotected, publicly accessible Elasticsearch and MongoDB installations.

In addition, isolated cases of wiping (about 3% of all victims) have been recorded for unprotected databases based on Apache Cassandra, CouchDB, Redis, Hadoop, and Apache ZooKeeper.

About Meow

The attack is carried out by a bot that enumerates the standard DBMS network ports. A study of the attack against a decoy honeypot server showed that the bot connects through ProtonVPN.

The cause of the problem is that the databases are opened to public access without proper authentication settings.

Through error or carelessness, the request handler is bound not to the internal address 127.0.0.1 (localhost) but to all network interfaces, including the external one. In MongoDB, this behavior is facilitated by the sample configuration that is offered by default, and in Elasticsearch before version 6.8 the free version did not support access control.
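The two conditions described above (a non-loopback bind address and no access control) can be checked directly in the configuration files. The following is an added example, not code from the original article or from either project: it reads `net.bindIp`, `net.bindIpAll` and `security.authorization` from a mongod.conf and `network.host` and `xpack.security.enabled` from an elasticsearch.yml, using constructed sample configs and the assumption that a missing key means loopback binding with no authentication.

```python
import ipaddress

# Constructed sample configs (not taken from any real host).
MONGO_OPEN = "net:\n  port: 27017\n  bindIp: 0.0.0.0  # all interfaces\n"
MONGO_FIXED = "net:\n  bindIp: 127.0.0.1\nsecurity:\n  authorization: enabled\n"
ES_OPEN = "network.host: 0.0.0.0\n"
ES_FIXED = "network:\n  host: [_local_]\nxpack.security.enabled: true\n"

def flatten(text):
    """Flatten simple indented 'key: value' YAML into dotted keys (mappings only)."""
    out, stack = {}, []  # stack: (indent, key) of the currently open parent mappings
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, val = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if val.strip():
            out[".".join([k for _, k in stack] + [key])] = val.strip().strip("'\"")
        else:
            stack.append((indent, key))
    return out

def is_loopback(host):
    if host in ("localhost", "_local_"):  # _local_ is Elasticsearch's loopback alias
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames/aliases: assume reachable from outside

def audit(kind, text):
    """kind is 'mongodb' (mongod.conf) or 'elasticsearch' (elasticsearch.yml)."""
    cfg = flatten(text)
    # Assumption: a missing key means loopback binding and no authentication.
    if kind == "mongodb":
        bind = "0.0.0.0" if cfg.get("net.bindIpAll") == "true" else cfg.get("net.bindIp", "127.0.0.1")
        auth = cfg.get("security.authorization") == "enabled"
    else:
        bind = cfg.get("network.host", "_local_")
        auth = cfg.get("xpack.security.enabled") == "true"
    hosts = [h.strip() for h in bind.strip("[]").split(",")]
    exposed = [h for h in hosts if not is_loopback(h)]
    return {"non_loopback": exposed, "auth": auth, "at_risk": bool(exposed) and not auth}

if __name__ == "__main__":
    for name, kind, text in [("mongo-open", "mongodb", MONGO_OPEN), ("es-open", "elasticsearch", ES_OPEN)]:
        print(name, audit(kind, text))
```

Defaults differ between releases of both products, so the missing-key assumption should be adjusted to the version actually deployed.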

The story of the VPN provider «UFO» is illustrative: it left an 894GB Elasticsearch database publicly accessible.

The provider presented itself as caring about user privacy and as not keeping logs. Contrary to those claims, the exposed database contained logs that included IP addresses, the link between sessions and times, user location tags, information about the user's operating system and device, and lists of domains for inserting advertising into unprotected HTTP traffic.

The database also contained plaintext access passwords and session keys, which made it possible to decrypt intercepted sessions.

The VPN provider «UFO» was informed of the issue on July 1, but the message went unanswered for two weeks. Another request was sent to the hosting provider on July 14, after which the database was secured on July 15.

The company responded to the notification by moving the database to another location, but again failed to secure it properly. Before long, the Meow attack wiped it.

On July 20, this database reappeared in public on a different IP. Within a matter of hours, almost all of the data had been removed from it. Analysis of the deletion showed that it was connected to a large-scale attack called Meow, after the name of the indexes left in the database after the deletion.

"As soon as the exposed data was secured, it resurfaced a second time on July 20 at a different IP address: all records were destroyed by another 'Meow' bot attack," Diachenko tweeted earlier this week.

Victor Gevers, president of the non-profit organization GDI, has also seen the new attack. He says the actor is also attacking exposed MongoDB databases. The researcher noted on Thursday that whoever is behind the attack appears to be targeting any database that is unsecured and accessible over the Internet.

A search through the Shodan service showed that hundreds of servers had also been affected by the deletion. The number of affected databases is now approaching four hundred and twenty, of which more than 97% are Elasticsearch and MongoDB databases.

According to LeakIX, a project that indexes open services, Apache ZooKeeper was also targeted. Another, less damaging attack also tagged 616 ElasticSearch, MongoDB and Cassandra files with the string "university_cybersec_experiment".

Researchers suggested that in this attack the attackers appear to be demonstrating to database maintainers that the files are vulnerable to being viewed or deleted.

