Thread: BUG #14194: Why do these bases are open to public access?

BUG #14194: Why do these bases are open to public access?

From
yobas@bk.ru
Date:

Re: BUG #14194: Why do these bases are open to public access?

From
"David G. Johnston"
Date:
On Wed, Jun 15, 2016 at 3:25 PM, <yobas@bk.ru> wrote:

> The following bug has been logged on the website:
>
> Bug reference:      14194
> Logged by:          Alex
> Email address:      yobas@bk.ru
> PostgreSQL version: Unsupported/Unknown
> Operating system:   Windows 7 x64
> Description:
>
> I will begin immediately with the fact, if we look for an inquiry
> shodan.io
> "database "template0" is not currently", then we have a list of 5960 hosts
> an open database. Here are a couple of examples in pictures
> https://yadi.sk/d/_7cK7CxNsWs6i


Maybe something is getting lost in translation here, and sorry, but I'm not
going to click a random link for this...but "template0" is basically a
system database that should never be touched.  The behavior you are seeing
is intended.  This is not a bug nor, really, a good bug report.  It usually
helps to actually ask a question and/or state what your expectation is.

David J.

Re: BUG #14194: Why do these bases are open to public access?

From
"Rader, David"
Date:
On Thu, Jun 16, 2016 at 9:57 AM, David G. Johnston <
david.g.johnston@gmail.com> wrote:

> On Wed, Jun 15, 2016 at 3:25 PM, <yobas@bk.ru> wrote:
>
>> The following bug has been logged on the website:
>>
>> Bug reference:      14194
>> Logged by:          Alex
>> Email address:      yobas@bk.ru
>> PostgreSQL version: Unsupported/Unknown
>> Operating system:   Windows 7 x64
>> Description:
>>
>> I will begin immediately with the fact, if we look for an inquiry
>> shodan.io
>> "database "template0" is not currently", then we have a list of 5960 hosts
>> an open database. Here are a couple of examples in pictures
>> https://yadi.sk/d/_7cK7CxNsWs6i
>
>
> Maybe something is getting lost in translation here, and sorry, but I'm
> not going to click a random link for this...but "template0" is basically a
> system database that should never be touched.  The behavior you are seeing
> is intended.  This is not a bug nor, really, a good bug report.  It usually
> helps to actually ask a question and/or state what your expectation is.
>
> David J.
>

David - I agree with you. Taking a look at the shodan.io "Search Engine for
IoT" my guess is this was a surprise to have ~6K postgresql hosts exposed
on the internet. Of course, PostgreSQL by default does not allow remote
connections and it is up to the user to expose the port through their
firewall to the wide open internet.

Re: BUG #14194: Why do these bases are open to public access?

From
Michael Paquier
Date:
On Thu, Jun 16, 2016 at 10:57 PM, David G. Johnston
<david.g.johnston@gmail.com> wrote:
> This is not a bug nor, really, a good bug report.

This is not a bug report at all. Misconfiguration is not something
that can be qualified as such.
--
Michael
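
The misconfiguration discussed in the replies above can be checked from the server's own configuration files. The following is an added example, not code from the thread or from the PostgreSQL project: it reports a server only when `listen_addresses` goes beyond loopback and a `pg_hba.conf` rule admits every client address. The function names and sample files are constructed for illustration, and the parser assumes unquoted fields, no include directives, and does not model first-match rule ordering.

```python
import ipaddress
import re

def listen_addresses(conf_text):
    """Effective listen_addresses; the server default is 'localhost'."""
    value = "localhost"
    for line in conf_text.splitlines():
        m = re.match(r"\s*listen_addresses\s*=?\s*'([^']*)'", line)
        if m:
            value = m.group(1)  # a later setting overrides an earlier one
    return [a.strip() for a in value.split(",") if a.strip()]

def any_address_rules(hba_text):
    """(line number, auth method) of host* rules that match every client address."""
    hits = []
    for n, raw in enumerate(hba_text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 5 or not f[0].startswith("host"):
            continue  # comments, blank lines and local (Unix socket) rules
        addr, method = f[3], f[4]
        if addr == "all":
            wide = True
        elif "/" in addr:  # CIDR form, e.g. 0.0.0.0/0 or ::/0
            wide = ipaddress.ip_network(addr, strict=False).prefixlen == 0
        else:
            try:  # "address netmask" form: an all-zero mask matches everything
                ipaddress.ip_address(addr)
                wide, method = int(ipaddress.ip_address(f[4])) == 0, f[5]
            except (ValueError, IndexError):
                continue  # hostname, samehost, samenet: not an any-address rule
        if wide and method != "reject":
            hits.append((n, method))
    return hits

def audit(conf_text, hba_text):
    """Findings only when the server listens off-loopback and admits any address."""
    if set(listen_addresses(conf_text)) <= {"localhost", "127.0.0.1", "::1"}:
        return []
    return [f"pg_hba.conf line {n}: any address allowed, method {m}"
            for n, m in any_address_rules(hba_text)]

# Constructed sample files, not taken from any real server.
SAMPLE_CONF = "#listen_addresses = 'localhost'\nlisten_addresses = '*'\n"
SAMPLE_HBA = """local   all all                  peer
host    all all 127.0.0.1/32     md5
host    all all 0.0.0.0/0        trust
hostssl all all 0.0.0.0 0.0.0.0  scram-sha-256
host    all all ::/0             reject
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, SAMPLE_HBA)) or "no any-address exposure")
```

A finding with method `trust` means the rule admits clients without any password; the other methods still leave the login prompt reachable from any address the firewall lets through.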