During an ongoing investigation, ZATAZ has discovered a hacker-distributed file containing over 200,000 websites ready to be hacked!
A new, shattering discovery for your favorite blog. During an ongoing investigation (a “known” pirate group was apprehended near Quebec City), I came face to face with a malicious proposal made by a hacker in a room outside the “net”. The malicious hacker, whom I will call “Cracking Hack” [identity changed], offers over 200,000 sites vulnerable to what it claims to be SQL injection.
As a reminder, this vulnerability makes it possible, through some computer manipulations, to access the databases installed on a website, a server, etc.
Cracking Hack explains that its collection could have been built from Google dorks, personal research and gathering from “fellow” hackers. Of the 205,538 websites, more than 6,000 are in .fr; 4,000 in .be; 2,030 in approx; etc. The black hat gives the website URL and the location of the error. In some cases, multiple addresses are offered.
Is everything on the list vulnerable? Testing is out of the question: it is prohibited and illegal. And even if I could, 200,000 doesn’t leave much time to do anything else. Cracking Hack is known in its community to be a “good seller” of websites and databases. Perhaps this list is the fruit of several months, or years, of malicious wandering. But a signal from a hacker, even a weak one, must be taken very seriously!
In the meantime, under the ZATAZ protocol, the competent authorities in France [ANSSI] and in Quebec [Ministère de la Cybersécurité et du Numérique] have been warned.
How do you protect yourself from this kind of piracy? First, check the input in your applications. A simple apostrophe typed into a search engine, for example, becomes a significant indicator. Block special characters. It is strongly recommended to encrypt data that is considered sensitive on your server. Even if the data is intercepted, the attacker will not see anything exploitable. Solutions such as Cloudflare help prevent malicious input. The safest bet is to contact a cyber security professional who can review and validate the fix. ZATAZ Watch Service offers its customers the option of hiding elements in their databases.
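The apostrophe indicator described above can be run as a self-check against your own search code. The following is an added example, not code from ZATAZ: it assumes Python's built-in sqlite3 module, a constructed `articles` table and hypothetical function names, and it uses bound parameters (a technique the article does not name) as the hardened form of input handling.

```python
import sqlite3

def make_db():
    """In-memory catalogue filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO articles (title) VALUES (?)",
        [("O'Reilly interview",), ("Patch notes",), ("Server hardening",)],
    )
    return db

def search_concatenated(db, term):
    """Weak form: the search term is pasted into the SQL text itself."""
    sql = "SELECT title FROM articles WHERE title LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    """Hardened form: the term is bound as data and never parsed as SQL."""
    # Escape LIKE wildcards so % and _ typed by the user match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT title FROM articles WHERE title LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

def apostrophe_check(search, db):
    """Self-test for your own code: does a lone apostrophe break the query?"""
    try:
        search(db, "'")
    except sqlite3.Error as exc:
        # A database error here means user input reached the SQL parser.
        return "input reaches the SQL parser: " + str(exc)
    return "ok"

if __name__ == "__main__":
    db = make_db()
    for fn in (search_concatenated, search_parameterized):
        print(fn.__name__, "->", apostrophe_check(fn, db))
    # The bound version treats the apostrophe as ordinary text to search for.
    print(search_parameterized(db, "'"))
```

With bound parameters, titles that legitimately contain an apostrophe remain searchable, while the concatenated version fails on the same input with a database error.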