DocumentRoot and Private Keys
In the last few days I’ve noticed a few unusual GET requests for supposedly exposed SSH private keys. All requests are following the same pattern:
185.129.62.62 - - [05/May/2017] "GET /id_rsa HTTP/1.1" 185.129.62.62 - - [05/May/2017] "GET /.ssh/id_rsa HTTP/1.1" 192.42.116.16 - - [05/May/2017] "GET /id_rsa HTTP/1.1" 192.42.116.16 - - [05/May/2017] "GET /.ssh/id_rsa HTTP/1.1"
Most (if not all) requests I’ve seen have originated from Tor exit nodes. Should there be an actual vulnerability related to these scans, then I really wonder what kind of build system would be responsible for exposing private keys in this way. Oh well, I guess there is a package manager for that.
#DevOops