Re: Compromised postgresql instances

>>>>> "Thomas" == Thomas Kellerer <spam_eater@gmx.net> writes:

 Thomas> And a blog post going into details on how that specific attack works.

 Thomas>
https://www.imperva.com/blog/2018/03/deep-dive-database-attacks-scarlett-johanssons-picture-used-for-crypto-mining-on-postgre-database/

*headdesk*

*headdesk*

*headdesk*

FOR THE LOVE OF LITTLE APPLES, why, in an article as comprehensive as
this, did they not list in the "quick tips" at the end, the quickest and
most absolutely basic and essential tip of all, which is "don't open up
your database for superuser access from the whole world" ???

To become vulnerable to this attack, you have to do ALL of these:

  - give your db a public IP
  - allow access (or forget to prevent access) to it through any
    firewall
  - configure pg to listen on the public IP
  - explicitly add an entry to pg_hba.conf that allows access from
    0.0.0.0/0 for all users or at least the postgres user
  - AND have a guessable password on the postgres user or explicitly
    use "trust" on the above hba entry

*headdesk*

-- 
Andrew (irc:RhodiumToad)