Mass FTP Crawling
findex.cedsys.nl
Your sidebar overlays the text on a narrow screen, making it impossible to read. People can scroll, your navigation does not need to be visible all the time.
What device are you viewing on? I'd say "impossible to read" is a pretty wild exaggeration. Looks fine to me.
It seems to have been fixed.
I fixed it. Thanks for the heads-up.
So right, it is not his responsibility to inform and educate, however his article is a great tool for the ones that do want to educate and help companies in NL.
It is not my responsibility to email every single person running a sensitive public FTP server. It is my responsibility to educate those that have the power to positively influence the situation more than I ever could - ISPs.
Previous title said: "I scanned a country on port 21 and analyzed the data". The country is The Netherlands.
Is there a way to contact the server owners to tell them about this? I feel bad that so many servers are open possibly without the knowledge of the owners.
There are 1+ million anonymous FTP servers on the Internet (https://www.shodan.io/report/OY7YoHou) and it's usually difficult to determine who the owner is. I haven't yet found a good way of notifying users; the best bet is to send the data to the respective ISP or CERT and hope for the best. On a related note: there needs to be way more attention on NAS devices. Many of them are connected to the Internet, poorly secured and in the process exposing huge amounts of personal data (not just through FTP).
FTP file indexing used to be how I found everything on the Internet before HTTP existed. Does anyone else remember Archie? (My coworkers thought I was a wizard.)
It is impossible to educate everyone about the risks of the cloud. Even if it goes mainstream :( I tried with my family many times, but they never fully understand it.
For most people nowadays, "the cloud" probably doesn't have anything to do with accessing an FTP server... specifically not a public FTP server unless the cloud hosts are absolutely careless...
I remember using sites like http://ftpsearch.ntnu.no probably 15 years ago to find very interesting files on public FTP servers (but I don't think that this one exists anymore).
These still work, and have been around for a long time as well:
(I don't know whether it's coincidence that they're both of Russian origin.)
The "Sensitive Files" add up to 7005, while the total number of files is 18088392. In other words, <0.04% of them.
The amount is much higher as I have only tried a limited number of keywords. There are many servers that have complete backups of the Windows folder 'My Documents' for example. Combined, I'd say at least half of it is not meant to be public, thus sensitive.