Websites are the new battleground between malicious hackers and the general public. Malicious individuals and organizations use websites as a conduit for spreading malware. More than 6,600 otherwise benign websites are compromised every single day. One of the primary enablers of this kind of compromise is the amount of publicly available data about a website, which makes the job of a malicious hacker easy.
In this post we will show how sensitive information about more than 300,000 websites is easily accessible on the Internet. This sensitive information is related to the file system, user names and other critical information which could be used to compromise the security of websites.
What Type of Data is Leaked?
This post focuses on the immense problem of data leakage and how it affects thousands of websites on the Internet today. Data leakage from websites can be categorized into two major groups.
Unfortunately, it is extremely easy to identify system information, as we show next.
How is the Data Leaked?
A popular and widely deployed FTP client, WS_FTP makes it extremely easy to transfer files using FTP. One drawback of using this popular piece of software is that it usually creates a log file. Most administrators using this software may not pay attention to this default behavior. These log files contain sensitive information such as file source and destination, file name, date and time of upload and more.
More importantly, administrators do not realize that when they upload files to their websites using this software, this log file is uploaded as well and made publicly available. This is the starting point for a malicious hacker to gain sensitive information about a website. This issue has been well known for years, yet it continues to be pervasive.
To identify websites with this type of data leak on the Internet, one only needs to use the below search term in a popular search engine.
This type of data leak is even present on a very large American news network’s website.
100.02.01 15:28 B L:\content\interactive\virtual\.HSancillary --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual .HSancillary
100.02.01 15:28 B L:\content\interactive\virtual\360.txt --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual 360.txt
100.02.01 15:28 B L:\content\interactive\virtual\3d.txt --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual 3d.txt
100.02.01 15:28 B L:\content\interactive\virtual\champagne.buying.txt --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual champagne.buying.txt
100.02.01 15:28 B L:\content\interactive\virtual\champagne.txt --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual champagne.txt
100.02.01 15:28 B L:\content\interactive\virtual\elex.features.txt --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual elex.features.txt
100.02.01 15:28 B L:\content\interactive\virtual\hurricane.info.txt --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual hurricane.info.txt
100.02.01 15:28 B L:\content\interactive\virtual\prim.polls.txt --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual prim.polls.txt
100.02.01 15:28 B L:\content\interactive\virtual\prim.results.txt --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual prim.results.txt
100.02.01 15:28 B L:\content\interactive\virtual\town.meeting.txt --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual town.meeting.txt
Data Leaked from the WS_FTP Log
What can we tell from the information in the logs?
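As an added example (not code from the original post), the following Python sketch parses entries in the layout shown in the excerpt above and summarizes which fields a publicly readable log exposes. It also walks a local copy of a webroot so stray log files can be removed before upload. The function names are hypothetical, and the file name WS_FTP.LOG and the field layout inferred from the excerpt are assumptions.

```python
import os
import re

# Entry layout inferred from the excerpt above (an assumption):
#   <date> <time> <mode> <local path> --> <remote host> <remote dir> <file name>
ENTRY = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<mode>\S) (?P<local>.+?) --> "
    r"(?P<host>\S+) (?P<rdir>\S+) (?P<name>.+)$"
)

def parse_entry(line):
    """Return the fields of one transfer entry, or None if the line does not match."""
    m = ENTRY.match(line.strip())
    return m.groupdict() if m else None

def exposure(lines):
    """Summarize what a publicly readable log reveals about both ends of the transfer."""
    entries = [e for e in map(parse_entry, lines) if e]
    return {
        "entries": len(entries),
        # Directory part of each local path: reveals the uploader's drive layout
        "local_roots": sorted({e["local"].rsplit("\\", 1)[0] for e in entries}),
        "remote_hosts": sorted({e["host"] for e in entries}),
        # Server-side directories: reveals the site's file system structure
        "remote_dirs": sorted({e["rdir"] for e in entries}),
        "files": sorted(e["name"] for e in entries),
    }

def find_logs(webroot):
    """Return paths of WS_FTP.LOG files (any letter case) under a local webroot copy."""
    hits = []
    for folder, _, files in os.walk(webroot):
        hits += [os.path.join(folder, f) for f in files if f.lower() == "ws_ftp.log"]
    return sorted(hits)

# Two entries copied from the excerpt above, plus one constructed malformed line
SAMPLE = [
    r"100.02.01 15:28 B L:\content\interactive\virtual\360.txt --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual 360.txt",
    r"100.02.01 15:28 B L:\content\interactive\virtual\3d.txt --> bolivia.[scrubbed].com /www/[scrubbed]/interactive/virtual 3d.txt",
    "not a transfer entry",
]

if __name__ == "__main__":
    import sys
    for field, value in exposure(SAMPLE).items():
        print(f"{field}: {value}")
    # Optional argument: path to the local site copy to audit before upload
    for path in (find_logs(sys.argv[1]) if len(sys.argv) > 1 else []):
        print("remove before deploy:", path)
```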
How to Mitigate the WS_FTP Data Leak?
Prevent the log file from being created:
It is clear that data leakage is a big problem on the Internet. Popular software like WS_FTP allows sensitive information to be leaked unintentionally, helping malicious hackers to break in. More than 6,600 benign websites are compromised every day; don't let your website be one of them. For more information about how we can help you, please feel free to visit our services page.