Re: Compromised postgresql instances
| From | Andrew Dunstan |
|---|---|
| Subject | Re: Compromised postgresql instances |
| Date | |
| Msg-id | ce516224-0c26-2eae-1976-897f40a77375@2ndQuadrant.com |
| In reply to | Re: Compromised postgresql instances (Andrew Gierth <andrew@tao11.riddles.org.uk>) |
| List | pgsql-hackers |
On 06/09/2018 03:27 AM, Andrew Gierth wrote:
>>>>>> "Thomas" == Thomas Kellerer <spam_eater@gmx.net> writes:
> Thomas> And a blog post going into details on how that specific attack works.
>
> Thomas> https://www.imperva.com/blog/2018/03/deep-dive-database-attacks-scarlett-johanssons-picture-used-for-crypto-mining-on-postgre-database/
>
> *headdesk*
>
> *headdesk*
>
> *headdesk*
>
> FOR THE LOVE OF LITTLE APPLES, why, in an article as comprehensive as
> this, did they not list in the "quick tips" at the end, the quickest and
> most absolutely basic and essential tip of all, which is "don't open up
> your database for superuser access from the whole world" ???
>
> To become vulnerable to this attack, you have to do ALL of these:
>
> - give your db a public IP
> - allow access (or forget to prevent access) to it through any
>   firewall
> - configure pg to listen on the public IP
> - explicitly add an entry to pg_hba.conf that allows access from
>   0.0.0.0/0 for all users or at least the postgres user
> - AND have a guessable password on the postgres user or explicitly
>   use "trust" on the above hba entry
>
> *headdesk*

Against stupidity the Gods themselves contend in vain.

cheers

andrew

-- 
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
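As an added example (not code from this thread or from PostgreSQL itself), the following Python script parses a constructed pg_hba.conf and flags the rule shape Andrew Gierth's checklist describes: an ADDRESS of all, 0.0.0.0/0 or ::/0, the trust method on a non-local rule, and a USER that covers postgres. It goes slightly beyond the thread by also recognising the older address-plus-netmask syntax, which opens the same hole.

```python
import ipaddress

SUPERUSERS = {"all", "postgres"}  # USER values that cover the postgres superuser

def _to_network(addr, mask=None):
    """ip_network for CIDR or address+netmask forms; None for keywords and hostnames."""
    try:
        return ipaddress.ip_network(addr if mask is None else f"{addr}/{mask}", strict=False)
    except ValueError:
        return None

def parse_hba(text):
    """Yield (type, database, user, network-or-keyword, method) for each active rule."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) < 4:
            continue
        if fields[0] == "local":  # local rules have no ADDRESS column
            yield (fields[0], fields[1], fields[2], None, fields[3])
            continue
        addr, rest = fields[3], fields[4:]
        if rest and "/" not in addr and _to_network(rest[0]) is not None:
            net, method = _to_network(addr, rest[0]), rest[1]  # old "addr mask method" form
        else:
            net, method = _to_network(addr), rest[0]
        yield (fields[0], fields[1], fields[2], addr if net is None else net, method)

def audit_hba(text):
    """Return [(rule, reasons)] for rules that are world-reachable or need no credential."""
    findings = []
    for rule in parse_hba(text):
        ctype, _db, user, net, method = rule
        reasons = []
        if net == "all" or getattr(net, "prefixlen", None) == 0:  # all, 0.0.0.0/0, ::/0, /0 mask
            reasons.append("ADDRESS admits every host")
        if method == "trust" and ctype != "local":
            reasons.append("method 'trust' asks for no credential")
        if reasons and user in SUPERUSERS:
            reasons.append(f"USER '{user}' includes the postgres superuser")
        if reasons:
            findings.append((rule, reasons))
    return findings

SAMPLE_HBA = """# constructed sample (not from any real server): sane rules plus two fatal lines
local   all   all                       peer
host    all   all       127.0.0.1/32    scram-sha-256
host    app   app       10.0.0.0/8      scram-sha-256
host    all   all       0.0.0.0/0       trust   # exactly the hole described in the thread
host    all   postgres  0.0.0.0 0.0.0.0 md5     # same hole, old netmask syntax
"""
```

Call `audit_hba(open(path).read())` on a real file; pair it with a check that listen_addresses in postgresql.conf is not '*', which is the other half of the checklist.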