How easy is it?
The article "Ensuring a website safety" is provided by Sophos Plc and SophosLabs.
December 2007.
Working on this article, the author decided to find out if it is easy to find examples of data leaks. He entered the default name of a common FTP client log file in different search engines. It turned out that this seemingly unimportant FTP log file is publicly available on thousands of sites. It is indexed, although webmasters probably don't know about it. Such sites can be a good example of data leak.
Here is an example of such log file (with cuttings):
99.07.16 08:34 A x:\xxxxxxxx\xxxxxx\xxxxxx\WS_FTP.LOG <--
<site name> /export/home/<username>/xxxxxx/xxxxxx WS_FTP.LOG
99.07.16 08:53 A x:\xxxxxxxx\xxxxxx\xxxxxx\home.html -->
<host name> /xx/www/xxxxxx-xxx/xxxxhome.html
This extract can provide a lot of useful information.
-
Site name.
-
Username of the Linux or BSD server user.
-
Host name.
With this data, you can find out the following:
-
The host name and the server IP address.
-
Remote path where the data was copied.
-
Local path from which the data was copied.
Such information is very important for an attacker because the host name and user name allows you to try to obtain administrator access. In addition, the attacker can find the hosting provider's phone number or email address, and try to get the password with social engineering methods.
This is often easier than attacking the server because many hosting providers pass credentials with minimal security measures. They are often contacted by individual contractors who develop sites for the third parties. A request to provide credentials or to reset the password is common.
The author of the article has done it several times (legally, of course), but only one company requested permission from the site owner.
It is just so easy.