Early on Saturday morning, I was writing an interview evaluation for Friday’s interview. My girlfriend was reading the news.

Recently, external security researchers stumbled upon a poorly protected MongoDB database server. The entire instance contains 854GB of data and a total of 202,730,434 records, most of which are resumes of Chinese users with very detailed contents, including full Chinese name, home address, telephone number, email, marital status, political affiliation, expected salary, and so on.

This article follows “How to explain to your girlfriend why 12306 will leak user information (1) – passwords” and “How to explain to your girlfriend why 12306 will leak user information (2) – attacks”.


Dragging the database

“Dragging the database” was originally a database administration term for exporting the data out of a database. Nowadays it refers to a database being stolen by attackers after a website has been compromised.

The process by which hackers steal a database through technical means is called dragging the database. It is like a thief stealing goods from a house.

The usual steps of “dragging the database” are:

  • 1. Hackers scan the target website for vulnerabilities such as SQL injection and file upload flaws. (The thief scouts the house.)

  • 2. Through such a vulnerability, a “Webshell” is planted on the website server; this back door gives the attacker access to the server operating system. (The thief gets into the house.)

  • 3. With system access, the attacker directly downloads a database backup, or finds the database connection details and exports the data to their own machine. (The thief carries off the valuables.)

A thief must first be able to get in. So, on the Internet, by what means do hackers break into websites?

Exploiting vulnerabilities

The most common way websites are compromised is that attackers exploit a vulnerability in the website. The website vulnerabilities meant here include vulnerabilities in the website application itself, in the web server the website runs on, in the open source frameworks the website uses, and in the database the website uses.

For example, if an application is not protected against SQL injection or has a file upload vulnerability, it is very likely to be hacked.

Hackers may also use system vulnerabilities to plant malware (a “Trojan horse”) on specific websites. If a website administrator carelessly visits such a site while maintaining the system, their machine may be infected, which also creates a subsequent risk of the database being dragged.

Once a vulnerability is discovered and exploited by hackers, it can be used to break into the website and steal the database.

Internal leakage

In addition to vulnerabilities that can be exploited by hackers, leaks can also be caused by people.

For example, a company programmer uploaded the address and plaintext password of the company database to GitHub.

Or an insider’s computer was compromised after installing insecure software or visiting insecure websites, leading to an intrusion into the company’s servers.

It could even be a deliberate leak by an insider.

How to prevent the database from being dragged

A whole website, from the user’s browser to the back-end database, passes through many links, and each link may be exploited by hackers, so each link needs proper protection.


First of all, during code development, pay attention to whether SQL injection, horizontal privilege escalation, vertical privilege escalation, XSS and similar vulnerabilities may exist, and try to avoid being attacked at the application layer. Then come the parts that are often overlooked: databases, web servers, and people.

Database security protection

  • IP whitelist

    • Allow database access only from the web server machines that need it.

  • Change the default port number

    • For example, the default MySQL port number is 3306; it is advisable to change it.

  • Each service uses an independent user name and password

    • At a minimum, make sure that different services use different user names and passwords. Even if one service is unfortunately compromised, the others are not easily damaged as well.

  • Do not store important data such as passwords in plaintext

    • Desensitize (mask) critical private data
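The last two points above in working form, as an added example that is not from the original article: passwords are stored only as salted PBKDF2 hashes, and resume-style private fields (phone, email) are masked before they are stored or exported. The field names and the iteration count are assumptions for this example.

```python
"""Added example: salted password hashing and masking of private fields."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex'. A fresh random salt
    is generated per password, so two users with the same password never
    share a stored value, and a leaked table cannot be cracked in one pass."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False  # malformed record, never accept it
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


def mask_phone(phone: str) -> str:
    """Keep the first 3 and last 4 digits: 13812345678 -> 138****5678."""
    if len(phone) < 7:
        return "*" * len(phone)
    return phone[:3] + "*" * (len(phone) - 7) + phone[-4:]


def mask_email(email: str) -> str:
    """Keep the first character of the local part: alice@example.com -> a****@example.com."""
    local, sep, domain = email.partition("@")
    if not sep:
        return "*" * len(email)
    return local[:1] + "****@" + domain


def desensitize_resume(record: dict) -> dict:
    """Return a copy of a resume record with the sensitive fields masked
    (field names 'phone' and 'email' are assumed for this example)."""
    out = dict(record)
    if "phone" in out:
        out["phone"] = mask_phone(out["phone"])
    if "email" in out:
        out["email"] = mask_email(out["email"])
    return out
```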

Web server protection

  • Hide the server’s external IP address

    • If you must keep a public IP address, you can hide the web server’s IP by placing an access layer such as a load balancer in front of it.

  • Block all ports except those for web services

    • Apart from web service ports such as 80 and 443 and a few necessary operations and maintenance ports, block all other ports with the firewall.

  • Check and update the system regularly

    • Repair vulnerabilities promptly after they are found.

Protecting people

  • Only designated operations and maintenance personnel are allowed to connect to the server.

  • Disclosing the company’s project code without the company’s permission is forbidden.

Washing the database

“Washing the database”, also called hacker washing, is a form of hacking: after breaking into a website, the attackers use technical means to sort and analyze the stolen user data for the valuable parts and sell them for cash.

Put simply, a thief steals a lot of things after breaking into a house, then sorts the stolen goods and fences them.

Hitting the database (credential stuffing)

“Hitting the database” is credential stuffing: hackers build a dictionary table from user names and passwords leaked on the Internet, then try to log in to other websites in batches, ending up with a list of accounts that successfully log in. Many users use the same account and password on different websites, so a hacker who obtains a user’s account on website A can try to log in to website B with it; this is what is meant by a credential-stuffing attack.

Put simply, a thief steals a set of keys during a burglary, then takes that set of keys and tries them on every door in the neighbourhood. This process is called hitting the database.
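From the website’s side, the pattern described above is visible in the login log: one source trying many different accounts with mostly failures, as opposed to one user repeatedly mistyping their own password. This is an added detection example, not code from the original article; the log format, the sample lines and the thresholds are all constructed for it.

```python
"""Added example: flag credential-stuffing sources in a constructed login log."""
from collections import defaultdict

# Constructed sample lines, format: "<timestamp> <source_ip> <username> <result>"
SAMPLE_LOG = """\
2019-01-12T08:00:01 203.0.113.5 alice FAIL
2019-01-12T08:00:02 203.0.113.5 bob FAIL
2019-01-12T08:00:02 203.0.113.5 carol OK
2019-01-12T08:00:03 203.0.113.5 dave FAIL
2019-01-12T08:00:03 203.0.113.5 erin FAIL
2019-01-12T08:00:04 203.0.113.5 frank FAIL
2019-01-12T08:00:10 198.51.100.7 alice FAIL
2019-01-12T08:00:15 198.51.100.7 alice FAIL
2019-01-12T08:00:20 198.51.100.7 alice OK
"""


def parse_log(text):
    """Parse log lines into (timestamp, ip, user, success) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, user, result = parts
        events.append((ts, ip, user, result == "OK"))
    return events


def find_stuffing_sources(events, min_users=5, max_success_rate=0.5):
    """Return {ip: (distinct_users, attempts, successes)} for every source that
    tried at least min_users distinct accounts with a success rate no higher
    than max_success_rate. A single user retrying their own password touches
    only one account and is therefore not flagged."""
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "ok": 0})
    for _, ip, user, ok in events:
        s = stats[ip]
        s["users"].add(user)
        s["attempts"] += 1
        s["ok"] += int(ok)
    flagged = {}
    for ip, s in stats.items():
        rate = s["ok"] / s["attempts"]
        if len(s["users"]) >= min_users and rate <= max_success_rate:
            flagged[ip] = (len(s["users"]), s["attempts"], s["ok"])
    return flagged
```

A flagged source is a candidate for rate limiting or a CAPTCHA, and the accounts it did log into (carol above) are the ones whose passwords were reused from another site’s leak and should be reset.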

How to protect personal privacy data

1. Try not to use the same password on different sites. Be sure to set a separate password for important accounts such as Alipay and WeChat.

2. Change passwords regularly; this effectively limits the impact of a website database leak on your accounts.

3. Do not use your work email to register online accounts, so that a password leak does not endanger the company’s information security.

4. Do not let the computer automatically “save password”, and do not casually enter your account and password on third-party websites.

5. Periodically log out of all logged-in sites to exit safely.

6. Patch the computer, and try not to use pirated or cracked software, to avoid being infected with malware.

7. Access untrusted software and websites in a virtual machine.

8. Try not to use free Wi-Fi in public places.

9. Lock the screen before you leave the computer.

Keep these nine tips in mind to protect your privacy.