Attackers have gained access to far more servers than previously thought, and they did not have to guess a single password to do it. They found a bug in Gogs, a tool many developers use to store and share their code, that the Gogs developers themselves had not yet discovered.
So far, hackers have compromised over 700 servers and will continue to do so until Gogs is patched. That should concern developers!
What is Gogs, and why are people using it?
Gogs is a self-hosted Git service created as an alternative to GitHub: developers can host their code on their own servers. Gogs is seen as simpler and lighter than GitHub, which is why some teams have chosen it as their Git service. However, if you host applications and services yourself, security becomes your responsibility.
So what went wrong here?
A zero-day vulnerability was discovered by hackers. A zero-day is a vulnerability for which no patch is yet available. In this case it allows attackers to exploit how Gogs handles files.
What attackers can do
- Create a user account if user sign-up registration is still open
- Manipulate Gogs to modify critical system files
- Execute their own commands on the server
Why is this a serious issue?
Security researchers found over 1,400 Gogs instances publicly accessible on the Internet, and over 700 of them have already been compromised. It is alarming how many exposed instances there are.
Just imagine: one configuration error can let anyone with Internet access view your source code and sensitive files, and reach other systems on the same network. Would you leave your front door wide open every night?
What actions should server owners take now?
If you're running a Gogs instance, you must take immediate action:
- Disable public user registration if you haven't done so already
- Put the instance behind a VPN or restrict access by IP address
- Watch your server logs for unusual activity, such as unexpected account sign-ups
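The first and third steps above, as an added shell example that is not part of the original article or of the Gogs project: it checks an app.ini for open self-registration (assuming the `[service]` `DISABLE_REGISTRATION` key of Gogs' configuration) and counts sign-up requests in a reverse-proxy access log that come from outside an allowed address range (assuming the `/user/sign_up` route and an nginx-style log). The configuration, log lines and addresses are constructed sample data.

```shell
#!/bin/sh
# Added example (not the article's or Gogs' own code). Assumptions: the
# [service] DISABLE_REGISTRATION key of Gogs' app.ini, the /user/sign_up
# route, and an nginx-style access log in front of Gogs. Sample data below
# is constructed.

# Exit 0 if DISABLE_REGISTRATION is true in the [service] section, else 1.
# A missing key counts as open, because that is the Gogs default.
registration_disabled() {
  awk '
    /^[ \t]*[;#]/ { next }                              # skip INI comments
    /^\[/         { in_service = ($0 == "[service]"); next }
    in_service && index($0, "=") {
      split($0, kv, "="); gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
      if (kv[1] == "DISABLE_REGISTRATION") {
        found = 1
        if (tolower(kv[2]) == "true") exit 0
        exit 1
      }
    }
    END { if (!found) exit 1 }
  ' "$1"
}

# Print how many POSTs to the sign-up route came from a client address that
# does not start with the allowed prefix (e.g. "10.0.0." for a VPN range).
signup_attempts_outside() {
  awk -v allowed="$2" '
    $6 == "\"POST" && $7 ~ /^\/user\/sign_up/ && index($1, allowed) != 1 { n++ }
    END { print n + 0 }
  ' "$1"
}

# Constructed sample inputs, written to temp files so the script runs as-is.
CFG=$(mktemp); LOG=$(mktemp)
cat > "$CFG" <<'EOF'
[server]
HTTP_PORT = 3000
[service]
; default: anyone on the Internet can create an account
DISABLE_REGISTRATION = false
EOF
cat > "$LOG" <<'EOF'
10.0.0.12 - - [01/Jan/2024:10:00:00 +0000] "GET /user/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /user/sign_up HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "POST /user/sign_up HTTP/1.1" 302 0 "-" "python-requests/2.31"
10.0.0.12 - - [01/Jan/2024:10:01:00 +0000] "POST /user/sign_up HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF

if registration_disabled "$CFG"; then echo "registration: disabled"
else echo "registration: OPEN - set DISABLE_REGISTRATION = true and restart Gogs"; fi
echo "sign-up POSTs from outside 10.0.0.0/24: $(signup_attempts_outside "$LOG" 10.0.0.)"
```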