Leftover files are putting visitors to popular websites at risk

Exposed leftover files have been found on dozens of the world’s most popular sites

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Although it may be difficult for web administrators to keep an eye on every single file, the most severe server breaches are often the result of the least noticeable security holes on their websites and leftover files are one such example.

By analyzing the top 35,000 websites from the Alexa top 1m list,CyberNewsdiscovered that 82 of the most popular websites had leftover files exposed to anyone and accessible without authorization.

CyberNewsresearcher Martynas Vareikis provided further insight on the dangers posed by leftover files in anew report, saying:

“From overlooked database history and DS_STORE files to GIT repositories, even a single exposed item can open millions, if not billions, of visitors to a plethora of potential dangers, including data breaches, phishing attacks, identity theft, or worse.”

To make matters worse, the reach of the affected sites is massive and the news outlet estimates that these sites receive around 17m total visits a month. The list is also made up of sites from all over the world includingdomainsfrom the US, Russia, Japan, China, Germany, France, Korea, the Netherlands and more and these sites are even linked to by government and educational organizations.

Exposed leftover files

To conduct their investigation,CyberNewsresearchers scanned the 35,000 most-visited websites on the internet for exposed DS-STORE, ENV AND MYSQL_HISTORY files as well asGitrepositories and then analyzed the output and removed any false positives.

When it came to the types of leftover files found on the world’s most-visited sites, Desktop Services Store (DS_STORE) files topped the list with over 81 exposed instances overall followed by exposed GIT directories with 24 instances and MYSQL_HISTORY and ENV files with four exposed instances of each file type discovered during the investigation.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

By analyzing these exposed files, malicious actors can collect information about the contents of folders stored in web servers which can lead them to unprotected files containingsensitive dataand allow them to accesscredentials.

Founder of the cyber defense and threat detection service provider Melurna, Sam Jadali explained toCyberNewshow leftover files can be used by cybercriminals to perform lateral attacks, injectmalwareor to launchransomwareattacks, saying:

“The ubiquitous and pervasive nature of these bots makes it increasingly easy to compromise servers. Web and app developers may forget to delete backups, application environment or MySQL history files. When left in publicly accessible locations, bad actors use the data to discover credentials, map server infrastructure, perform lateral attacks, inject malware, or infect servers with ransomware. Using today’s advanced technology, hackers can scan the global internet IPv4 range in less than 5 minutes.”

To mitigate the security threats from leftover files, Jadali recommends that web server administrators validate input from users, handle exceptions, use browser security headers, implementIdentity and Access Management, run automatic security products to highlight vulnerabilities during development, testing and deployment and perform manualpenetration testingon a regular basis.

Looking to improve your security online? Check out our list of thebest antivirus softwareand protect your privacy with one of thebest VPNservices

ViaCyberNews

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well