Recently I started doing an internet-wide scan for rsync servers, thinking it might be fun to write a toy search-engine/indexer.

Even the basics such as searching against the names of exported shares would be interesting, I thought.

Today I abandoned that after exploring some of the results (created with zmap), because there's just too much private data out there, wide open.

IP redacted for obvious reasons:

    shelob ~ $ rsync rsync://xx.xx.xx.xx/
    ginevra         Ginevra backup
    krsna           Alberto Laptop Backup
    franziska       Franz Laptop Backup
    genoveffa       Franz Laptop Backup 2

Some nice shares there. Let's see if they're as open as they appear to be:

    shelob ~ $ rsync rsync://xx.xx.xx.xx/ginevra/home/
    drwxrwsr-x        4096 2013/10/30 13:42:29 .
    drwxr-sr-x        4096 2009/02/03 10:32:27 abl
    drwxr-s---       12288 2014/02/12 20:05:22 alberto
    drwxr-xr-x        4096 2011/12/13 17:12:46 alessandra
    drwxr-sr-x       20480 2014/02/12 22:55:01 backup
    drwxr-xr-x        4096 2008/10/03 14:51:29 bertacci
    ..

Yup. Backups of /home, /etc/, and more.

I found numerous examples of this, along with a significant number of hosts that exported "www" + "sql", as a pair, and a large number of hosts that just exported "squid/". I assume they must be some cpanel-like system, because I can't understand why thousands of people would export the same shares with the same comments otherwise.

I still would like to run the indexer, but with so much easy content to steal, well, I think the liability would kill me.

I considered not posting this, but I suspect "bad people" already know..
Just brushing through. I will be semi-active; mainly came to find a HQ botnet, like THOR or just any p2p botnet
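For anyone running rsync in daemon mode, a check of your own rsyncd.conf for modules exported the way the first post in this thread describes. This is an added example, not part of the thread: the sample config, the function names and the choice of three checks are assumptions of this sketch, built on the rsyncd.conf parameters `auth users`, `hosts allow`, `hosts deny` and `list`.

```python
import re

# Constructed sample config, not taken from the post.
SAMPLE_CONF = """\
hosts allow = 192.0.2.0/24
[laptop-backup]
    path = /srv/backup/laptop
    hosts allow = *

[restricted]
    path = /srv/backup/server
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    list = no
"""

def parse_rsyncd_conf(text):
    """Return {module: params}; global parameters act as module defaults."""
    defaults, modules, current = {}, {}, None
    for raw in text.replace("\\\n", "").splitlines():  # join continued lines
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = modules.setdefault(header.group(1).strip(), dict(defaults))
            continue
        name, sep, value = line.partition("=")
        if sep:  # rsyncd ignores whitespace inside parameter names
            key = "".join(name.split()).lower()
            (defaults if current is None else current)[key] = value.strip()
    return modules

def audit(text):
    """Return {module: [findings]} for modules open to any client."""
    report = {}
    for module, p in parse_rsyncd_conf(text).items():
        issues = []
        if not p.get("authusers"):
            issues.append("no auth users: anonymous access")
        if p.get("hostsallow", "*") == "*" and not p.get("hostsdeny"):
            issues.append("no host restriction")
        if p.get("list", "yes").lower() in ("yes", "true", "1"):
            issues.append("listed to any client")
        if issues:
            report[module] = issues
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A module that appears in the report with all three findings is in the same state as the shares listed in the post: visible in the module listing and readable by any client that connects.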