On 06/09/2018 03:27 AM, Andrew Gierth wrote:
"Thomas" == Thomas Kellerer <spam_ea...@gmx.net> writes:
Thomas> And a blog post going into details on how that specific attack works.
Thomas>
https://www.imperva.com/blog/2018/03/deep-dive-database-attacks-scarlett-johanssons-picture-used-for-crypto-mining-on-postgre-database/
*headdesk*
*headdesk*
*headdesk*
FOR THE LOVE OF LITTLE APPLES, why, in an article as comprehensive as
this, did they not list in the "quick tips" at the end, the quickest and
most absolutely basic and essential tip of all, which is "don't open up
your database for superuser access from the whole world" ???
To become vulnerable to this attack, you have to do ALL of these:
- give your db a public IP
- allow access (or forget to prevent access) to it through any
firewall
- configure pg to listen on the public IP
- explicitly add an entry to pg_hba.conf that allows access from
0.0.0.0/0 for all users or at least the postgres user
- AND have a guessable password on the postgres user or explicitly
use "trust" on the above hba entry
*headdesk*
Against stupidity the Gods themselves contend in vain.
cheers
andrew
--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
