ADVERTISEMENT

World’s most-visited websites put visitors at risk by exposing leftover files

leftover file security
Cybernews Team
Oct 28, 2021 Updated: 1 November 2021 5 min read
  • The CyberNews Investigations team scanned the internet’s 35,000 most-visited websites from the Alexa top one million list for common leftover files.
  • 82 of the top 35,000 websites had multiple types of leftover files exposed on their servers.
  • It is estimated that websites with exposed dangerous leftover files get around 17 million monthly visits.
  • Exposed leftover files can potentially result in malware injections, stolen user data, and full website takeovers by threat actors.
From overlooked database history and DS_STORE files to GIT repositories, even a single exposed item can open millions, if not billions, of visitors to a plethora of potential dangers, including data breaches, phishing attacks, identity theft, or worse
Martynas Vareikis, CyberNews

What we discovered

leftover exposed file infopgraphic

Desktop service files

GIT directories

ADVERTISEMENT

MySQL_HISTORY and ENV files

Protecting against unauthorized access via leftover files

“When left in publicly accessible locations, bad actors use the data to discover credentials, map server infrastructure, perform lateral attacks, inject malware, or infect servers with ransomware. Using today’s advanced technology, hackers can scan the global internet IPv4 range in less than 5 minutes.”
Sam Jadali, founder of Melurna
  1. Make sure that the team is aware of secure development. In addition, it's important that the developers are aware of OWASP TOP 10 vulnerabilities and how to prevent them during the development.
  2. Any input by the user must be validated. In addition, make sure that the output is sanitized.
  3. Exceptions must be handled. Make sure that every exception is handled properly. Attackers are using exceptions in order to gather the information that can aid in additional attacks.
  4. Use browser security headers, such as HSTS, X-Frame-Options, and X-XSS protection.
  5. Implement Identity and Access Management in order to follow the least privilege principle.
  6. Run automatic security products to reveal vulnerabilities during the development, testing, and deployment of new versions of the application.
  7. Perform manual penetration testing assessment on a regular basis.
ADVERTISEMENT