Meow: an attack that destroys data in unprotected Elasticsearch and MongoDB databases

Meow is an attack that keeps gaining momentum: for several days now there have been various reports of an unknown attack that destroys data in unprotected, publicly accessible Elasticsearch and MongoDB installations.

In addition, isolated wiping incidents (about 3% of all victims) were recorded for unprotected databases based on Apache Cassandra, CouchDB, Redis, Hadoop, and Apache ZooKeeper.

About Meow

The attack is carried out by a bot that enumerates the typical DBMS network ports. Study of the attack on a decoy honeypot server showed that the bot's connections are made through ProtonVPN.

The cause of the problem is that public access to the database is opened without proper authentication settings.

By mistake or carelessness, the administrator leaves the request handler bound not to the internal address 127.0.0.1 (localhost) but to all network interfaces, including the external one. In MongoDB, this behavior is facilitated by the sample configuration offered by default, and in Elasticsearch before version 6.8 the free version did not support access control.
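The misconfiguration described above can be checked for in the configuration files themselves. The following is an added example, not code from the original article or from either project: a small auditor that flags a `mongod.conf` or `elasticsearch.yml` that listens beyond loopback with no access control. The sample configs are constructed, and treating a missing security setting as "disabled" is an assumption that does not hold for releases that enable security by default.

```python
# Added example: flag configs that listen beyond loopback without access control.
# Assumption: an absent security setting counts as disabled (not true for every release).
LOOPBACK = {"127.0.0.1", "localhost", "::1", "_local_"}

def flatten(text):
    """Flatten simple nested or dotted YAML (scalar values only) into dotted keys."""
    out, stack = {}, []  # stack holds (indent, key) for each open mapping
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#") or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        key, value = key.strip(), value.strip().strip("\"'")
        if value:
            out[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return out

def exposed(value):
    """True if any configured address is not a loopback address."""
    hosts = [h.strip(" \"'") for h in value.strip("[]").split(",")]
    return any(bool(h) and h not in LOOPBACK for h in hosts)

def audit(kind, text):
    """Return a finding string, or None if the config is not exposed."""
    cfg = flatten(text)
    if kind == "mongodb":
        bind = "0.0.0.0" if cfg.get("net.bindIpAll") == "true" else cfg.get("net.bindIp", "")
        auth = cfg.get("security.authorization") == "enabled"
    else:  # elasticsearch
        bind = cfg.get("http.host") or cfg.get("network.host", "")
        auth = cfg.get("xpack.security.enabled") == "true"
    if bind and exposed(bind) and not auth:
        return f"{kind}: listens on {bind} with no access control"
    return None

# Constructed sample configurations (not taken from any real host).
MONGO_BAD = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
MONGO_OK = "net:\n  bindIp: 0.0.0.0\nsecurity:\n  authorization: enabled\n"
ES_BAD = "network.host: 0.0.0.0\nxpack.security.enabled: false\n"
ES_LOCAL = "network.host: 127.0.0.1  # loopback only\n"

if __name__ == "__main__":
    for kind, conf in [("mongodb", MONGO_BAD), ("mongodb", MONGO_OK),
                       ("elasticsearch", ES_BAD), ("elasticsearch", ES_LOCAL)]:
        print(audit(kind, conf) or f"{kind}: ok")
```

A clean result only covers the file that was read; command-line flags and network-level exposure still need to be checked on the host.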

The story of the VPN provider «UFO» is illustrative: it exposed an 894 GB Elasticsearch database.

The provider positioned itself as concerned about user privacy and as not keeping logs. Contrary to what was stated, the database that surfaced contained logs that included information about IP addresses, the linking of sessions to times, user location tags, information about the user's operating system and device, and lists of domains for inserting ads into unprotected HTTP traffic.

In addition, the database contained clear-text access passwords and session keys, which allow captured sessions to be removed.

The VPN provider «UFO» was notified of the problem on July 1, but the message went unanswered for two weeks, and another request was sent to the hosting provider on July 14, after which the database was secured on July 15.

The company responded to the notification by moving the database to another location, but again failed to secure it properly. Shortly afterwards, the Meow attack destroyed it.

As of July 20, this database reappeared in the public domain on a different IP. Within hours, almost all the data had been deleted from the database. Analysis of the deletion showed that it was linked to a large-scale attack called Meow, after the name of the indexes left in the database after the deletion.

"Once the exposed data was secured, it resurfaced a second time on July 20 at a different IP address: all records were destroyed by another 'Meow' bot attack," Diachenko said on Twitter earlier this week.

Victor Gevers, chairman of the non-profit GDI Foundation, also confirms this new attack. He claims that the actor has attacked MongoDB databases. The researcher noted on Thursday that whoever is behind the attack appears to be targeting any database that is unprotected and reachable over the Internet.

A search through the Shodan service showed that several hundred servers had become victims of the deletion. The number of wiped databases is now approaching 4,000, of which more than 97% are Elasticsearch and MongoDB databases.

According to LeakIX, a project that lists open services, Apache ZooKeeper was also targeted. Another, harmless attack tagged 616 ElasticSearch, MongoDB and Cassandra files with the string "university_cybersec_experiment".

Researchers suggested that in this attack the attackers appear to be demonstrating on the databases that the files are at risk of being viewed or deleted.

