A growing number of botnets are crawling the web in search of publicly accessible configuration files, and more specifically ENV files. These files can expose passwords for site databases as well as API keys used to access third-party services.
Too many developers still neglect the basic security of their websites. Many botnets now scan the web for unsecured ENV files, hoping to steal passwords and other confidential information. The phenomenon is not entirely new: developers have been warned about the security of configuration files regularly for years.
Botnets, networks of compromised computers controlled remotely, were already being used to find GIT configuration files or SSH private keys accidentally put online. They now target ENV environment files more specifically. According to data from the cybersecurity company GreyNoise, over three years more than 2,800 IP addresses have been used to scan the web for ENV files, 1,100 of them in the last four weeks.
ENV files are used by various development tools such as Docker or Node.js. They contain environment variables, notably passwords and API keys. The latter are personal codes for accessing online services, such as Google features, government data and many others. Being plain text files without encryption, ENV files are normally placed in protected directories that are not reachable from the web.
An ENV file exposed on the web therefore gives access not only to the databases of the company that owns the site, but also to data and functions on third-party services. Developers must make sure as soon as possible that no ENV file is accessible online. If one is, every password, API key and any other personal code in it will have to be changed.
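As an added example that is not part of the article: a defender-side Python script that reads web-server access logs for the ENV and .git probing described above, groups probes by source IP, flags any probe the server answered with 200, and checks whether a fetched body actually looks like a dotenv file rather than a catch-all page. The log lines and IP addresses are constructed (RFC 5737 documentation ranges) and the function names are my own.

```python
import re
from collections import defaultdict
# Common/combined log format: client ip, timestamp, request line, status, size.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

# Paths the article says scanners look for: .env variants and .git metadata.
PROBE_PATTERNS = [
    re.compile(r"(^|/)\.env(\.[\w-]+)*$", re.I),  # /.env, /api/.env, /.env.bak
    re.compile(r"(^|/)\.git(/|$)", re.I),         # /.git/config, /.git/HEAD
]

# Constructed sample log (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Sep/2024:09:12:01 +0000] "GET /.env HTTP/1.1" 404 196
203.0.113.10 - - [10/Sep/2024:09:12:02 +0000] "GET /api/.env?x=1 HTTP/1.1" 404 196
198.51.100.7 - - [10/Sep/2024:09:13:44 +0000] "GET /.git/config HTTP/1.1" 403 153
198.51.100.7 - - [10/Sep/2024:09:13:45 +0000] "GET /.env.backup HTTP/1.1" 200 512
192.0.2.25 - - [10/Sep/2024:09:15:00 +0000] "GET /index.html HTTP/1.1" 200 2048
192.0.2.25 - - [10/Sep/2024:09:15:01 +0000] "GET /environment/ HTTP/1.1" 200 1024
"""

def classify_line(line):
    """Return (ip, path, status) if the request targets a sensitive file, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _method, path, status, _size = m.groups()
    path = path.split("?", 1)[0]  # match on the path only, not the query string
    if not any(p.search(path) for p in PROBE_PATTERNS):
        return None
    return ip, path, int(status)

def summarize(log_text):
    """Group probes by source IP and list those the server answered with 200."""
    probes, exposed = defaultdict(set), []
    for line in log_text.splitlines():
        hit = classify_line(line)
        if hit is None:
            continue
        ip, path, status = hit
        probes[ip].add(path)
        if status == 200:  # the file, or a catch-all page, was actually served
            exposed.append((ip, path))
    return {"scanner_ips": sorted(probes), "exposed": exposed}

ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")
def looks_like_env(body):
    """True if a fetched body is mostly KEY=VALUE lines, not a catch-all HTML page."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip() and not ln.lstrip().startswith("#")]
    return bool(lines) and 2 * sum(1 for ln in lines if ENV_LINE.match(ln)) > len(lines)
```

A 200 on `/.env` is only a lead: front controllers that answer 200 for every path produce the same status, which is why `looks_like_env` inspects the body before you treat the secrets as compromised and rotate them.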