Thread: BUG #14194: Why do these bases are open to public access?
VGhlIGZvbGxvd2luZyBidWcgaGFzIGJlZW4gbG9nZ2VkIG9uIHRoZSB3ZWJz aXRlOgoKQnVnIHJlZmVyZW5jZTogICAgICAxNDE5NApMb2dnZWQgYnk6ICAg ICAgICAgIEFsZXgKRW1haWwgYWRkcmVzczogICAgICB5b2Jhc0Biay5ydQpQ b3N0Z3JlU1FMIHZlcnNpb246IFVuc3VwcG9ydGVkL1Vua25vd24KT3BlcmF0 aW5nIHN5c3RlbTogICBXaW5kb3dzIDcgeDY0CkRlc2NyaXB0aW9uOiAgICAg ICAgCgpJIHdpbGwgYmVnaW4gaW1tZWRpYXRlbHkgd2l0aCB0aGUgZmFjdCwg aWYgd2UgbG9vayBmb3IgYW4gaW5xdWlyeSBzaG9kYW4uaW8KImRhdGFiYXNl ICJ0ZW1wbGF0ZTAiIGlzIG5vdCBjdXJyZW50bHkiLCB0aGVuIHdlIGhhdmUg YSBsaXN0IG9mIDU5NjAgaG9zdHMKYW4gb3BlbiBkYXRhYmFzZS4gSGVyZSBh cmUgYSBjb3VwbGUgb2YgZXhhbXBsZXMgaW4gcGljdHVyZXMKaHR0cHM6Ly95 YWRpLnNrL2QvXzdjSzdDeE5zV3M2aQoK
On Wed, Jun 15, 2016 at 3:25 PM, <yobas@bk.ru> wrote: > The following bug has been logged on the website: > > Bug reference: 14194 > Logged by: Alex > Email address: yobas@bk.ru > PostgreSQL version: Unsupported/Unknown > Operating system: Windows 7 x64 > Description: > > I will begin immediately with the fact, if we look for an inquiry > shodan.io > "database "template0" is not currently", then we have a list of 5960 host= s > an open database. Here are a couple of examples in pictures > https://yadi.sk/d/_7cK7CxNsWs6i Maybe something is getting lost in translation here, and sorry, but I'm not going to click a random link for this...but "template0" is basically a system database that should never be touched.=E2=80=8B The behavior you ar= e seeing is intended. This is not a bug nor, really, a good bug report. It usually helps to actually ask a question and/or state what your expectation is. David J.
On Thu, Jun 16, 2016 at 9:57 AM, David G. Johnston < david.g.johnston@gmail.com> wrote: > On Wed, Jun 15, 2016 at 3:25 PM, <yobas@bk.ru> wrote: > >> The following bug has been logged on the website: >> >> Bug reference: 14194 >> Logged by: Alex >> Email address: yobas@bk.ru >> PostgreSQL version: Unsupported/Unknown >> Operating system: Windows 7 x64 >> Description: >> >> I will begin immediately with the fact, if we look for an inquiry >> shodan.io >> "database "template0" is not currently", then we have a list of 5960 hos= ts >> an open database. Here are a couple of examples in pictures >> https://yadi.sk/d/_7cK7CxNsWs6i > > > Maybe something is getting lost in translation here, and sorry, but I'm > not going to click a random link for this...but "template0" is basically = a > system database that should never be touched.=E2=80=8B The behavior you = are seeing > is intended. This is not a bug nor, really, a good bug report. It usual= ly > helps to actually ask a question and/or state what your expectation is. > > David J. > David - I agree with you. Taking a look at the shodan.io "Search Engine for IoT" my guess is this was a surprise to have ~6K postgresql hosts exposed on the internet. Of course, PostgreSQL by default does not allow remote connections and it is up to the user to expose the port through their firewall to the wide open internet.
On Thu, Jun 16, 2016 at 10:57 PM, David G. Johnston <david.g.johnston@gmail.com> wrote: > This is not a bug nor, really, a good bug report. This is not a bug report at all. Misconfiguration is not something that can be qualified as such. -- Michael