Data leak (which could have happened, but did not) from a telemedicine company

A few days ago I wrote on Habré about how the Russian online medical service DOC+ managed to leave a database with detailed access logs in the public domain, from which patient and employee data could be obtained. And here is a new incident, with another Russian service that offers patients online consultations with doctors: "Doctor Nearby" (www.drclinics.ru).

I will say right away that thanks to the competence of Doctor Nearby's staff, the vulnerability was eliminated very quickly (2 hours from the moment of notification, at night!) and there was probably no leak of personal or medical data. This is unlike the DOC+ incident, where I know for certain that a single JSON file of data, 3.5 GB in size, ended up in the "open world", and the official position looks like this: "A small amount of data was publicly available for a short time, which cannot lead to negative consequences for employees and users of the DOC+ service."

An anonymous subscriber contacted me, as the owner of the Telegram channel "Information Leaks", and reported a vulnerability on the website www.drclinics.ru.

The essence of the vulnerability was that, knowing the URL and being logged in under your own account, you could view other patients' data.

To register a new account in the Doctor Nearby system you only need a mobile phone number, to which an SMS confirmation is sent, so nobody would have any difficulty getting into an account of their own.

Once logged into their account, a user could immediately, by changing the URL in the browser's address bar, view reports containing patients' personal data and even medical diagnoses.

The big problem is that the service uses sequential report numbers and builds the URL directly from these numbers:

https://[site address]/…/…/40261/…

Therefore, it was enough to set the minimum valid number (7911) and the maximum (42926 at the time the vulnerability existed) to count the total number (35015) of reports in the system and even (given malicious intent) download them all with a simple script.
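The walk through consecutive report numbers described above leaves a distinctive trace in the web server's access log: one account requesting many neighbouring ids in a short time and being refused for almost all of them. The following detector is an added example, not code from the article or from the Doctor Nearby service; the log line format, the field names, the thresholds and the sample log lines are all assumptions constructed for illustration.

```python
"""Detect sequential report-ID enumeration in web access logs.

Added example, not code from the article or from the Doctor Nearby service.
The log format, field names and thresholds are assumptions chosen for
illustration; the sample log lines are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format: "<ISO timestamp> user=<account> GET /report/<id> -> <result>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) GET /report/(?P<rid>\d+) -> (?P<result>\w+)$"
)

# Constructed sample: account u1001 walks through consecutive report numbers and
# is refused for everything but its own report; u2002 opens a few of its own.
SAMPLE_LOG = """\
2019-03-20T22:55:01 user=u1001 GET /report/40261 -> OK
2019-03-20T22:55:04 user=u1001 GET /report/40262 -> ACCESS_DENIED
2019-03-20T22:55:05 user=u1001 GET /report/40263 -> ACCESS_DENIED
2019-03-20T22:55:06 user=u1001 GET /report/40264 -> ACCESS_DENIED
2019-03-20T22:55:07 user=u1001 GET /report/40265 -> NOT_FOUND
2019-03-20T22:55:08 user=u1001 GET /report/40266 -> ACCESS_DENIED
2019-03-20T22:55:09 user=u1001 GET /report/40267 -> ACCESS_DENIED
2019-03-20T22:55:10 user=u1001 GET /report/40268 -> ACCESS_DENIED
2019-03-20T22:57:30 user=u2002 GET /report/12345 -> OK
2019-03-20T23:10:00 user=u2002 GET /report/12350 -> OK
2019-03-20T23:12:00 user=u2002 GET /report/12398 -> OK
garbage line that does not match the format
"""


def parse(log_text):
    """Parse log lines into (timestamp, user, report_id, result); skip other lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"],
                           int(m["rid"]), m["result"]))
    return events


def find_enumerators(events, window=timedelta(minutes=10), min_ids=5,
                     min_refused_ratio=0.5):
    """Return {user: summary} for accounts whose requests look like ID enumeration.

    Heuristic: within a sliding time window an account touches at least
    `min_ids` distinct report ids that are almost all consecutive, and most of
    those requests were refused (ACCESS_DENIED or NOT_FOUND). Legitimate users
    open their own handful of reports, which are neither consecutive nor refused.
    """
    by_user = defaultdict(list)
    for ts, user, rid, result in events:
        by_user[user].append((ts, rid, result))

    flagged = {}
    for user, reqs in by_user.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            win = reqs[start:end + 1]
            ids = sorted({rid for _, rid, _ in win})
            if len(ids) < min_ids:
                continue
            steps = [b - a for a, b in zip(ids, ids[1:])]
            consecutive_ratio = steps.count(1) / len(steps)
            refused = sum(1 for _, _, res in win if res in ("ACCESS_DENIED", "NOT_FOUND"))
            if consecutive_ratio >= 0.8 and refused / len(win) >= min_refused_ratio:
                summary = {"distinct_ids": len(ids), "lowest": ids[0],
                           "highest": ids[-1], "refused": refused}
                # keep the widest window seen for this account
                if user not in flagged or summary["distinct_ids"] > flagged[user]["distinct_ids"]:
                    flagged[user] = summary
    return flagged


if __name__ == "__main__":
    for user, info in find_enumerators(parse(SAMPLE_LOG)).items():
        print(user, info)
```

On the constructed sample the detector flags only u1001 (eight consecutive ids, seven refusals within a few seconds). The refusal ratio matters as much as the sequence: a patient who opens their own reports in order is not refused, while an enumerating account is refused for almost every id it tries.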

Among the data available for viewing were: the full names of the doctor and the patient, the dates of birth of the doctor and the patient, the phone numbers of the doctor and the patient, the sex of the doctor and the patient, the email addresses of the doctor and the patient, the doctor's specialty, the date of the consultation, the cost of the consultation and sometimes even the diagnosis (as a comment on the report).

This vulnerability was exactly like the one found in December 2017 on the server of the microfinance organization "Zaimograd". Then, by enumeration, it was possible to obtain 36,763 contracts with the complete passport data of the organization's clients.

As I mentioned at the very beginning, Doctor Nearby's staff showed real professionalism: although I notified them of the vulnerability at 23:00 (Moscow time), access to personal accounts was closed for everyone, and by 1:00 (Moscow time) the vulnerability was fixed.

I cannot help but kick once again the PR department of the same DOC+ (New Medicine LLC). Declaring that "a small amount of data was made publicly available", they lose sight of the fact that we have "objective control" data, namely the Shodan search engine. As was rightly noted in the comments to that article, according to Shodan the date of the first detection of the open ClickHouse server at the DOC+ IP address was 15.02.2019 03:08:00 and the date of the last detection was 17.03.2019 09:52:00. The database size is about 40 GB.

There were 15 detections in total:

15.02.2019 03:08:00
16.02.2019 07:29:00
24.02.2019 02:03:00
24.02.2019 02:50:00
25.02.2019 20:39:00
27.02.2019 07:37:00
02.03.2019 14:08:00
06.03.2019 22:30:00
08.03.2019 00:23:00
08.03.2019 14:07:00
09.03.2019 05:27:00
09.03.2019 22:08:00
13.03.2019 03:58:00
15.03.2019 08:45:00
17.03.2019 09:52:00

So from the statement it follows that "a short time" is a little over a month, and "a small amount of data" is about 40 gigabytes. Well, I don't know...

But let's get back to "Doctor Nearby".

For now, my professional paranoia is bothered by only one small remaining problem: from the server's response you can determine the number of reports in the system. When you try to open a report from a URL you are not allowed to access (but the report itself exists), the server returns ACCESS_DENIED, and when you try to open a non-existent report, it returns NOT_FOUND. By observing the growth in the number of reports in the system over time (once a week, once a month, and so on), you can estimate the workload and the volume of services provided. This, of course, does not compromise the personal data of patients and doctors, but it may amount to a disclosure of the company's trade secrets.
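The two defects the article describes, the missing ownership check on sequential report numbers and the ACCESS_DENIED/NOT_FOUND distinction that still reveals how many reports exist, can be shown side by side in a single report-lookup function. The code below is an added example, not code from the article or from the Doctor Nearby service; the in-memory store, the user ids and the report numbers are constructed for illustration, and the hardened variant additionally switches new reports to unguessable identifiers, which goes beyond what the article itself proposes.

```python
"""Report lookup: IDOR, existence oracle, and a hardened version.

Added example, not code from the article or from the Doctor Nearby service.
The in-memory store, user ids and report ids are constructed for illustration.
"""
import secrets

# Constructed store keyed by the sequential report number the article describes.
REPORTS = {
    40261: {"patient": "p1", "doctor": "d1", "diagnosis": "..."},
    40262: {"patient": "p2", "doctor": "d1", "diagnosis": "..."},
}
HIGHEST_ID = max(REPORTS)


def get_report_vulnerable(current_user, report_id):
    """Looks the report up by number and never asks who is requesting it: any
    logged-in user can read any report (the flaw described in the article)."""
    report = REPORTS.get(report_id)
    return ("NOT_FOUND", None) if report is None else ("OK", report)


def get_report_leaky(current_user, report_id):
    """Adds an ownership check but answers ACCESS_DENIED for a foreign report and
    NOT_FOUND for a missing one, so the count of reports still leaks."""
    report = REPORTS.get(report_id)
    if report is None:
        return ("NOT_FOUND", None)
    if current_user not in (report["patient"], report["doctor"]):
        return ("ACCESS_DENIED", None)
    return ("OK", report)


def get_report_hardened(current_user, report_id):
    """Ownership check with a single uniform answer: a report the caller may not
    see is indistinguishable from one that does not exist."""
    report = REPORTS.get(report_id)
    if report is None or current_user not in (report["patient"], report["doctor"]):
        return ("NOT_FOUND", None)
    return ("OK", report)


def new_report_id():
    """Unguessable identifier for new reports, so the URL space can no longer be
    walked from a minimum to a maximum number (complements the check, does not
    replace it)."""
    return secrets.token_urlsafe(16)


def distinguishes_existence(handler, user, foreign_id, missing_id):
    """Regression check a defender can keep in the test suite: True if the handler
    answers differently for an existing report the user may not read and for an
    id that does not exist."""
    return handler(user, foreign_id)[0] != handler(user, missing_id)[0]


if __name__ == "__main__":
    for name, handler in [("vulnerable", get_report_vulnerable),
                          ("leaky", get_report_leaky),
                          ("hardened", get_report_hardened)]:
        print(name, "p1 -> 40262:", handler("p1", 40262)[0],
              "| reveals existence:",
              distinguishes_existence(handler, "p1", 40262, HIGHEST_ID + 1))
```

The hardened handler answers NOT_FOUND both for someone else's report and for a number that was never issued, so the server's responses no longer say where the range of existing reports ends. The `distinguishes_existence` check is the kind of test worth keeping in the service's suite so that a later refactor cannot quietly reintroduce the oracle.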

Source: www.habr.com