Mining Adminers – Hackers Scan the Internet For DB Scripts [source: blog.sucuri]

Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible to scan the whole internet with 330+ million domains and billions of web pages. Even Google can’t do it, but hackers are always getting better at reconnaissance.

Despite these limitations, scanning just 1% of the internet allows attackers to discover thousands of vulnerable sites. Some scans are targeted and compile lists of websites with specific software components, for example Magento sites or sites with a certain WordPress plugin. Other campaigns run broader scans of every known domain, probing for certain CMSs, plugins, or even backdoors.

When attackers find a vulnerable site, they can attack it right away. The scanning process also helps them compile specialized datasets for faster subsequent scans, for when they are only interested in sites with certain software installed.

So how broad can these scans get? We can get an idea by using a script that hackers install on compromised sites in order to scan for other sites that have publicly accessible Adminer database management scripts.

