

Mass FTP Crawling - dsc_
http://findex.cedsys.nl/research/mass-ftp-crawling/

======
lcswi
Your sidebar overlays the text on a narrow screen, making it impossible to
read. People can scroll, your navigation does not need to be visible all the
time.

~~~
nikmobi
What device are you viewing on? I'd say "impossible to read" is a pretty wild
exaggeration. Looks fine to me.

~~~
lcswi
It seems to have been fixed.

~~~
dsc_
I fixed it. Thanks for the heads-up.

------
vachi
So right, it is not his responsibility to inform and educate, however his
article is a great tool for the ones that do want to educate and help
companies in NL.

~~~
dsc_
It is not my responsibility to email every single person running a sensitive
public FTP server. It is my responsibility to educate those that have the
power to positively influence the situation more than I ever could - ISPs.

------
vowelless
Previous title said: "I scanned a country on port 21 and analyzed the data".
The country is The Netherlands.

Is there a way to contact the server owners to tell them about this? I feel
bad that so many servers are open possibly without the knowledge of the
owners.

~~~
achillean
There are 1+ million anonymous FTP servers on the Internet
([https://www.shodan.io/report/OY7YoHou](https://www.shodan.io/report/OY7YoHou))
and it's usually difficult to determine who the owner is. I haven't yet found
a good way of notifying users; the best bet is to send the data to the
respective ISP or CERT and hope for the best. On a related note: there needs
to be way more attention on NAS devices. Many of them are connected to the
Internet, poorly secured and in the process exposing huge amounts of personal
data (not just through FTP).

------
wrs
FTP file indexing used to be how I found everything on the Internet before
HTTP existed. Does anyone else remember Archie? (My coworkers thought I was a
wizard.)

------
coppolaemilio
It is impossible to educate everyone about the risks of the cloud. Even if it
goes mainstream :( I tried with my family many times, but they never fully
understand it.

~~~
slxh
For most people nowadays, "the cloud" probably doesn't have anything to do
with accessing an FTP server... specifically not a public FTP server unless
the cloud hosts are absolutely careless...

I remember using sites like
[http://ftpsearch.ntnu.no](http://ftpsearch.ntnu.no) probably 15 years ago to
find very interesting files on public FTP servers (but I don't think that this
one exists anymore)

~~~
userbinator
These still work, and have been around for a long time as well:

[http://www.filesearching.com/](http://www.filesearching.com/)

[http://www.mmnt.ru/int/](http://www.mmnt.ru/int/)

(I don't know whether it's coincidence that they're both of Russian origin.)

------
userbinator
The "Sensitive Files" add up to 7005, while the total number of files is
18088392. In other words, <0.04% of them.

~~~
dsc_
The number is much higher, as I have only tried a limited number of keywords.
There are many servers that have complete backups of the Windows folder 'My
Documents' for example. Combined, I'd say at least half of it is not meant to
be public, thus sensitive.

