Open directories are like online file storage systems used to access files remotely. A directory works like a digital filing cabinet, organising folders and files such as invoices, back-ups, important mail, IP, and more. Having this operate via the cloud means you can access your files from anywhere. However, some directories lack security. These are known as open directories, and they are accessible to more people than you would like.
Security via obscurity?
Often, the security of such files and directories is left until the end of the (development) process, which makes it more likely to be forgotten altogether. In addition, there is still a widespread misconception that a directory is safe as long as there are no direct connections to it. Protecting something by making it “hard to find” is, unfortunately, ineffective, as there’s almost always a workaround. It’s still very much possible to detect directories without ‘clicking’ your way to them.
Sources such as Shodan, Censys, and Google Dorks allow anyone to run a query for a list of open directories and data dumps of a certain file type.
Directories via a web request
Even simpler, a well-formulated web request can return the directory listing when there is no index file in the website directory. Directory listing is a feature that can be turned on or off. Acunetix explains: requesting a domain “without specifying a file (such as index.html, index.php, or default.asp), the web server processes this request, returns the index file for that directory, and the browser displays the website. However, if the index file did not exist and if directory listing was turned on, the web server would return the contents of the directory instead.”
That looks something like this:
How bad is it?
The image above is illustrative of the kinds of directories and data files that are openly accessible in this way. These are leftover files, VPN files, and some database dumps. Even one small data leak can have a huge impact on an organisation or individuals, and the risk level increases when more of these files can be found.
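To check your own server for this condition, the following added example (not part of the original article or of any tool it mentions) walks a local web root and reports every directory that has no index file, together with any leftover files of the kinds described above. The index file names come from the quoted explanation; the extension list, the function names and the sample layout are assumptions made for illustration.

```python
import os
import tempfile

# Assumed defaults: index names from the quoted explanation, plus extensions
# for the kinds of files the article mentions (dumps, VPN files, back-ups).
INDEX_FILES = {"index.html", "index.php", "default.asp"}
RISKY_EXTENSIONS = {".sql", ".ovpn", ".bak", ".zip", ".gz"}

def audit_web_root(root):
    """Return {relative_dir: [risky files]} for every directory under root
    that has no index file, i.e. would be listed if directory listing is on."""
    findings = {}
    for current, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        if names & INDEX_FILES:
            continue  # an index file is served instead of a listing
        risky = sorted(f for f in files
                       if os.path.splitext(f)[1].lower() in RISKY_EXTENSIONS)
        findings[os.path.relpath(current, root)] = risky
    return findings

def build_sample_root(base):
    """Constructed sample layout, for demonstration only."""
    layout = {
        "": ["index.html", "style.css"],
        "backup": ["site-2021.sql", "notes.txt"],
        "vpn": ["office.ovpn"],
        "blog": ["index.php", "old.bak"],
    }
    for rel, files in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(path, exist_ok=True)
        for name in files:
            with open(os.path.join(path, name), "w") as fh:
                fh.write("sample")
    return base

def demo():
    """Run the audit against the constructed sample layout."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_web_root(build_sample_root(tmp))

if __name__ == "__main__":
    for directory, risky in sorted(demo().items()):
        print(f"{directory}: no index file, risky files: {risky or 'none'}")
```

A directory reported here is only exposed if directory listing is also turned on for it, and a server configured with other index file names needs `INDEX_FILES` adjusted to match.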
We wanted to determine the extent of the problem. How many directories and files can be found with a relatively quick investigation? To find out, we used a combination of Shodan and our own Attack Surface Management platform to look for such open directories. The result: over 475,000 directories leading to millions of files, with some dumps as big as 30 gigabytes, from all over the world.
What did we find?
The research itself will be explained in more detail over the coming weeks, when we discuss the method and specific findings. We will also present a complete overview of the data dumps, exports, and leftover files we have found, and the potential impact of such data leaks. Our CISO Vincent Thiele and Security Analyst Soufian El Yadmani share their insights during our live webinar on 1 December. And most importantly: they will also explain how you can detect and prevent an incident from an open directory.