I-Cloudflare ibhengeze ulwazi malunga nokuqhekezwa kwenye yeeseva zayo

I-Cloudflare, ebonelela ngenethiwekhi yokuhanjiswa komxholo echaza malunga ne-20% yetrafikhi ye-Intanethi, ipapashe ingxelo ye-hack enye yeeseva kwisiseko sayo, esebenza kwindawo yangaphakathi ye-wiki esekelwe kwiqonga le-Atlassian Confluence, i-Atlassian Jira. khupha inkqubo yokulandelela kunye nenkqubo yokulawula ikhowudi ye-Bitbucket. Uhlalutyo lubonise ukuba umhlaseli wakwazi ukufumana ukufikelela kumncedisi usebenzisa amathokheni afunyenwe ngenxa ye-Hack ka-Oktobha ye-Okta, eyakhokelela ekuvuzeni kwamathokheni okufikelela.

Emva kokubhengezwa kolwazi malunga ne-Okta hack ekwindla, i-Cloudflare iqalise inkqubo yokuhlaziya iziqinisekiso, izitshixo kunye namathokheni asetyenziswa kwiinkonzo ze-Okta, kodwa njengoko kwavela, ithokheni enye kunye nee-akhawunti ezintathu (ngaphandle kwamawaka amaninzi) ziphazamisekile ngenxa yoko. ye-Okta hack ayizange ithathelwe indawo kwaye iqhubekile isenzo, apho umhlaseli wathatha ithuba. Ezi ziqinisekiso zithathwa njengezingenakusetyenziswa, kodwa ngokwenene zivunyelwe ukufikelela kwi-platform ye-Atlassian, inkqubo yokulawula ikhowudi ye-Bitbucket, isicelo se-SaaS esinokufikelela kulawulo kwimo ye-Atlassian Jira, kunye nokusingqongileyo kwi-AWS ekhonza i-Cloudflare Apps directory, kodwa ayifuni. unokufikelela kwisiseko se-CDN kwaye ayigcini idatha eyimfihlo.

Esi siganeko asizange siyichaphazele idatha okanye iinkqubo zabasebenzisi beCloudflare. Uphicotho lufumanise ukuba olu hlaselo lukhawulelwe kwiinkqubo ezisebenzisa iimveliso zeAtlassian kwaye aluzange lusasazeke nakwezinye iinkqubo. iiseva, ngenxa yemodeli ye-Cloudflare ye-Zero Trust kunye nokwahlulwa kweendawo ezithile zeziseko zophuhliso.

I-Cloudflare server hack yafunyanwa ngoNovemba 23, kwaye umkhondo wokuqala wokufikelela okungagunyaziswanga kwinkqubo yokulandelela i-wiki kunye nomcimbi wafunyanwa ngoNovemba 14. Ngomhla wama-22 kuNovemba, umhlaseli wafaka ucango lwangasemva lokufikelela oluqhubekayo, olwenziwe kusetyenziswa iScriptRunner yeJira. Ngaloo mini inye, umhlaseli wafumana ukufikelela kwinkqubo yolawulo lwekhowudi yomthombo, eyayisebenzisa iqonga le-Atlassian Bitbucket. Emva koko, kwazanywa uqhagamshelo kwi-console. umncedisi, yayisetyenziselwa ukufikelela kwiziko ledatha elingekasebenzi eBrazil, kodwa yonke imizamo yokunxibelelana ayizange iphumelele.

Kuyabonakala ukuba, umsebenzi womhlaseli wawulinganiselwe ekufundeni i-architecture yenethiwekhi yokuhanjiswa komxholo kunye nokukhangela ubuthathaka. Umhlaseli usebenzise ukukhangela kwe-wiki kumagama angundoqo anxulumene nokufikelela kude, iimfihlo, i-openconnect, i-cloudflared, kunye namathokheni. Umhlaseli ubhale ukuvulwa kwamaphepha e-202 wiki (ngaphandle kwe-194100) kunye neengxelo zeengxaki ze-36 (ngaphandle kwe-2059357) ezinxulumene nokulawula ubuthathaka kunye nokujikeleza okubalulekileyo. Ukukhuphela i-120 code repositories (ngaphandle kwe-11904) nayo yafunyanwa, ininzi yazo ihambelana ne-backup, ukulungiswa kwe-CDN kunye nolawulo, iinkqubo zesazisi, ukufikelela kude kunye nokusetyenziswa kweqonga leTerraform kunye ne-Kubernetes. Ezinye zeendawo zokugcina ziqulethe izitshixo ezifihliweyo ezishiywe kwikhowudi, eziye zatshintshwa ngokukhawuleza emva kwesiganeko, nangona ukusetyenziswa kweendlela ezithembekileyo zokubethela.

umthombo: opennet.ru

Thenga ukusingathwa okuthembekileyo kwiindawo ezinokhuseleko lweDDoS, iiseva zeVPS VDS πŸ”₯ Thenga ukusingathwa kwewebhusayithi okuthembekileyo ngokhuseleko lwe-DDoS, iiseva zeVPS VDS | ProHoster