Hacking using search, inattention and my accomplice GitHub

image

the

Introduction


One fine, bright morning, being shocked from what the temperature outside, as it seemed, was 5 degrees more than usual, I felt an unprecedented influx of light and my brain had crept the idea — "but those offers and accounts, which are sold on the "black market" — these are stolen all kinds of phishing sites and the Steelers, and as far as I know, the Steelers — all logs must be stored on the Kaoma-host on the Internet".

From that moment there was no time to hesitate — you need to test. I headlong ran to the computer frantically hammering in the address bar "google.com" and first entered the search query "stealer filetype:txt". Seen I'm not how much surprised among the search queries I saw the expected logs of one of the most popular Steelers.
View screenshot
image

the

Chapter 1. Why you need to use robots.txt the nofollow tags and put plugs


After that I couldn't stop. I, like a wolf that smelled blood of his victim continued to search, but with the queries that are more targeted for specific names Steelers
screenshot #1
image

screenshot #2
image

And then struck me again — "but apart from logs with accounts of failed users caught in the "software thief", you can find something more serious, such as configs" and I went on GitHub.

the

Chapter 2. Why you need to block files via configs .gitignore


Frankly, the opportunity to do what I did and see what I saw I was due to the carelessness or laziness of some users who prefer to use GitHub instead of the alternative services that allows you to create private repositories (networks, bitbucket).
Take, for example, the mask automatically generated by MYSQL host one of the popular hosting and get, again, expected result:
View screenshot
image

No further need to have a lot of imagination to understand what to do with all this.

the

Conclusion


Please use file .gitignore not Deplete your configs.
Article based on information from habrahabr.ru

Комментарии

Отправить комментарий

Популярные сообщения из этого блога

ODBC Firebird, Postgresql, executing queries in Powershell

Изображение
Sometimes, system engineers may need to obtain specific data directly from the DBMS by means of Powershell. In this article I want to demonstrate two methods of operating firebird, postgresql through the odbc driver and client library. let's Start with the firebird and work with the database through the ODBC driver, you first need to register in the system client library GDS32.DLL, its bit width should be the same as the ODBC driver which should be installed next, download on the manufacturer's website , be sure during installation you need to tick on the registration of the library. Next install itself ODBC, who also take on the manufacturer's website , do not forget that the bit size should match the bit count of a previously installed client. Now actually have a powershell script, it was based on example in C# for postgresql. the $dbServerName = "localhost:base.gdb" $dbUser = "SYSDBA" $dbPass = "masterkey" [string]$s...
Далее...

Installation LivestreetCMS on MODX Revolution package 10 clicks

Изображение
I have often written about your module modLivestreet for a bunch MODX Revolution + LivestreetCMS (In this Topeka in detail the idea and implementation of schemes, etc.). After almost two weeks since the beginning of the module development, I came to the following conclusion: it is too hard work. The idea itself is simple: MODX Revolution (which historically do not have enough modules for creating blogs) to tie LivestreetCMS in order to get the kind of sociolosko with good functionality. The first package I have thrown fast, and ensures the redirection of queries to Livestreet and output content in MODX. But then I tried to implement the synchronous operation with users of MODX - and LS-., and then something else... In General, the functionality grew, the code is also. The problems manifested in the difficulties settings of this Union. If MODX is possible to say in General, no serious problems have arisen (or at least did not have to touch a single byte code engine), then Lives...
Далее...

The Ministry of communications wants to ban phones without GLONASS

Today in the Ministry of communications submitted the bill , according to which in Russia it will be possible to use only those mobile phones that include support for the GLONASS navigation system. Although it is not clear how this will be monitored, most likely, we are talking about banning the importation and sale. This decision was taken in order, and I quote in order to ensure the stability of the unified telecommunication network of the Russian Federation in various conditions. Requirements (in the case of the adoption of this act) will apply to manufacturers and sellers. To monitor the implementation of law be entrusted to Roskomnadzor. How has this come? For me personally this news is not very surprising (and not only because this is another project state silly the Duma), not so long ago there was another similar initiative, the essence of which was to translate public transport to use the system "To the end of the year practically the whole of Moscow is covered ...
Далее...