ProHoster > Blog > Utongi > dockerhub hacked

dockerhub hacked

dockerhub hacked

Maawa mashoma apfuura, vamwe vashandisi veDockerHub vakatumirwa maemail ane zvinotevera zvirimo:

"Nemusi weChina, Kubvumbi 25, 2019, takawana kupinda kusingatenderwe kune imwe yeDockerHub dhatabhesi, iyo inochengeta mamwe asiri emari data mushandisi. Pakuwanikwa, takabva tatora matanho anodiwa kuchengetedza data remushandisi.

Uye ikozvino tinoda kugovera ruzivo rwatakakwanisa kuwana panguva yekuferefeta, kusanganisira kuti ndeapi maakaundi eDockerHub akabatwa uye kuti ndeapi matanho anofanirwa kutorwa nevaridzi vawo izvozvi.

Hezvino izvo zvatakakwanisa kuziva:

Munguva pfupi yekuwana zvisina mvumo kuDockerHub dhatabhesi, data rakavanzika rinosvika zviuru zana nemakumi mapfumbamwe emaakaunti (risingasviki 190% yevashandisi vesevhisi) rinogona kuburitswa. Iyo data inosanganisira mazita ekushandisa uye password hashes echikamu chidiki chevashandisi vari pamusoro, pamwe neGitHub neBitBucket tokens dzinoshandiswa kugadzira otomatiki mudziyo unovaka.

Chii chinofanira kuitwa ikozvino:

- Isu tinokumbira vashandisi kuti vachinje mapassword eDockerHub uye chero mamwe maakaundi vachishandisa iyo password password.

- Isu takagadzirisa tokeni uye makiyi ekuwana evashandisi vanoshandisa otomatiki vanovaka vanogona kunge vakakanganiswa. Isu tinovakumbirawo kuti vatarise matura avo kune chero chiitiko chazvino chekufungidzira.

-Kutsvaga maitiro ekuferefeta chiitiko chekufungidzira pane yako GitHub neBitBucket account mumaawa makumi maviri nemana apfuura, tevera zvinongedzo. help.github.com/en/articles/reviewing-your-security-log и bitbucket.org/blog/new-audit-logs-give-you-the-who-what-when-and-where

-Izvi zvinogona kukanganisa zvazvino zvivakwa kubva kune yedu auto kuvaka sevhisi. Iwe unogona zvakare kuda kusunungura uye kubatanidza yako GitHub uye BitBucket account. Izvi zvakanyorwa zvakadzama pano. docs.docker.com/docker-hub/builds/link-source

Isu tichavandudza masisitimu edu ekuchengetedza uye kuongorora marongero edu. Isu takaisawo mamwe ma metrics ekutarisa zvinogona kuitika zvisiri pamutemo mune ramangwana.

Tichiri kuferefeta chiitiko ichi uye tichakuzivisai sezvo mamwe mashoko ari kuwanikwa."

Semazuva ese, tinotarisa tsamba dzedu pachedu, maakaundi edu mumasevhisi akaratidzwa, uye tinogadzirazve mapassword. Tichagadzirisa iyi positi sezvo ruzivo rutsva runowanikwa.

Vashandisi vakanyoresa chete ndivo vanogona kutora chikamu muongororo. Nyorera mu, Munogamuchirwa.

Wakagamuchira tsamba yakafanana here?

  • kuti

  • kwete

  • Ini handina DockerHub account

26 vashandisi vakavhota. 2 vashandisi vakaramba.

Source: www.habr.com

Voeg