Seven years ago, the MySQL worm spread throughout the internet by taking advantage of a critical vulnerability in MySQL authentication on Windows. Before the worm, I hadn't really believed Marten Mickos' claims about the number of MySQL installations. Once over 30,000 servers were infected, though, I believed him.
Well, given the vulnerability announced and patched today, I think we'll have a chance to find out how many PostgreSQL servers there are. You have updated your servers, right?
In the PostgreSQL world, we're used to thinking in terms of a few thousand users because that's the number which is active in the community and that we hear from regularly. It's likely that today's vulnerability will show us how many PostgreSQL users there really are. For example, this security scanner finds over 120,000 PostgreSQL servers which are listening on port 5432 on public IPs (and if your server is on that list, you'd better patch it!).
No idea why 40% of these servers are in Poland. I had no idea that Depesz was that busy. A word to the wise, Depesz: firewalls?
home.pl - they are responsible for most of those in Poland. Their security requirements must be very low. They are a hosting provider. I had no idea they used postgresql...
If anyone can contact home.pl and get them to update/firewall, please do ASAP!
As Greg mentioned - it's mostly home.pl. I don't know anyone there (or I don't know that I know someone there), so I don't think I can help with this.
My LinkedIn search doesn't show anyone working in home.pl that would be connected to me :(
Apparently they're planning an update this weekend. Yay.
Why not use Google Translate and paste a message here: https://home.pl/kontakt
Most postgres databases are behind firewalls so I presume if we have 120.000 public postgres servers the real numbers should be in the millions...
It's a pity that Poland gets the top rank in PostgreSQL statistics for unsecure servers... :o)
Just as Hubert wrote, most of those results are from local ISPs.
Well, given the number of Polish users we obviously have, why don't we have PUGs in Poland?