Thursday, April 4, 2013

Now we find out how many Postgres servers there really are

Seven years ago, the MySQL worm spread throughout the internet by taking advantage of a critical vulnerability in MySQL authentication on Windows.  Before the worm, I hadn't really believed Marten Mickos' claims about the number of MySQL installations.  Once over 30,000 servers were infected, though, I believed him.

Well, given the vulnerability announced and patched today, I think we'll have a chance to find out how many PostgreSQL servers there are.  You have updated your servers, right?

In the PostgreSQL world, we're used to thinking in terms of a few thousand users, because that's roughly how many people are active in the community and whom we hear from regularly.  It's likely that today's vulnerability will show us how many PostgreSQL users there really are.  For example, this security scanner finds over 120,000 PostgreSQL servers listening on port 5432 on public IPs (and if your server is on that list, you'd better patch it!).

No idea why 40% of these servers are in Poland.  I had no idea that Depesz was that busy.  A word to the wise, Depesz: firewalls?
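A scanner like the one linked above does not need to log in to count PostgreSQL servers: it connects to port 5432, sends the protocol 3.0 StartupMessage that every client sends first, and looks at whether the first reply is a PostgreSQL authentication request ('R') or error ('E'). The script below is an added example written for this post, not the scanner's code or anything from the PostgreSQL project; it builds that StartupMessage, classifies a reply, and can probe a host you own so you can check your own exposure before an attacker does. The sample replies are constructed by hand for offline use, and the host/user/database names are placeholders.

```python
"""Fingerprint a PostgreSQL listener from its reply to a StartupMessage.

Added example for this post (not code from the post, the scanner, or
PostgreSQL itself). Encodes the protocol 3.0 StartupMessage and classifies
the server's first reply without ever authenticating.
"""
import socket
import struct

PROTOCOL_3_0 = 196608  # (3 << 16) | 0, the protocol version clients send

# Authentication request codes a server may send in its first 'R' message.
AUTH_CODES = {
    0: "AuthenticationOk (trust: no password required)",
    3: "AuthenticationCleartextPassword",
    5: "AuthenticationMD5Password",
    10: "AuthenticationSASL",
}


def build_startup_message(user: str, database: str) -> bytes:
    """Encode a StartupMessage: Int32 length, Int32 version, key/value cstrings, NUL."""
    body = struct.pack("!I", PROTOCOL_3_0)
    for key, value in (("user", user), ("database", database)):
        body += key.encode() + b"\x00" + value.encode() + b"\x00"
    body += b"\x00"  # terminator of the parameter list
    return struct.pack("!I", len(body) + 4) + body  # length includes itself


def parse_error_fields(payload: bytes) -> dict:
    """Decode an ErrorResponse field list: (type byte, cstring)* then a NUL."""
    fields = {}
    pos = 0
    while pos < len(payload) and payload[pos] != 0:
        code = chr(payload[pos])
        end = payload.index(b"\x00", pos + 1)
        fields[code] = payload[pos + 1:end].decode("utf-8", "replace")
        pos = end + 1
    return fields


def classify_reply(reply: bytes) -> dict:
    """Classify the first message a server sent back; 'postgres' is True if it spoke the protocol."""
    if len(reply) < 5:
        return {"postgres": False, "reason": "short or empty reply"}
    tag = chr(reply[0])
    (length,) = struct.unpack("!I", reply[1:5])
    payload = reply[5:1 + length]
    if tag == "R" and len(payload) >= 4:
        (code,) = struct.unpack("!I", payload[:4])
        return {"postgres": True, "kind": "auth",
                "auth": AUTH_CODES.get(code, f"code {code}")}
    if tag == "E":
        fields = parse_error_fields(payload)
        return {"postgres": True, "kind": "error",
                "sqlstate": fields.get("C"), "message": fields.get("M")}
    return {"postgres": False, "reason": f"unexpected tag {tag!r}"}


def probe_host(host: str, port: int = 5432, timeout: float = 3.0) -> dict:
    """Send the StartupMessage to a live host you own and classify the reply (network I/O)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_startup_message("postgres", "postgres"))
        return classify_reply(sock.recv(4096))


def _server_message(tag: bytes, body: bytes) -> bytes:
    """Frame a server message the way the backend does: tag, Int32 length, body."""
    return tag + struct.pack("!I", len(body) + 4) + body


# Constructed sample replies (not captured from any real server).
SAMPLE_MD5 = _server_message(b"R", struct.pack("!I", 5) + b"\x01\x02\x03\x04")
SAMPLE_TRUST = _server_message(b"R", struct.pack("!I", 0))
SAMPLE_ERROR = _server_message(
    b"E",
    b"SFATAL\x00C28000\x00Mno pg_hba.conf entry for host \"203.0.113.5\"\x00\x00",
)
SAMPLE_HTTP = b"HTTP/1.1 400 Bad Request\r\n"  # something else living on 5432

if __name__ == "__main__":
    for name, sample in (("md5", SAMPLE_MD5), ("trust", SAMPLE_TRUST),
                         ("error", SAMPLE_ERROR), ("http", SAMPLE_HTTP)):
        print(name, classify_reply(sample))
```

Any reply tagged 'R' or 'E' means a PostgreSQL server is reachable from wherever you ran the probe, whatever pg_hba.conf says; an 'R' with code 0 means it would let that client in with no password at all. If `probe_host("your.public.ip")` comes back with `postgres: True` from outside your network, the answer is the one in the post: patch, and then put the thing behind a firewall (or set `listen_addresses` to the interfaces that actually need it).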

10 comments:

  1. home.pl - they are responsible for most of those in Poland. Their security requirements must be very low. They are a hosting provider. I had no idea they used postgresql...

    1. If anyone can contact home.pl and get them to update/firewall, please do ASAP!

  2. @Josh:
    as Greg mentioned - it's mostly home.pl. I don't know anyone there (or I don't know that I know someone there), so I don't think I can help with this.

    My LinkedIn search doesn't show anyone working in home.pl that would be connected to me :(

    1. Apparently they're planning an update this weekend. Yay.

  3. Why not use Google Translate and paste a message here: https://home.pl/kontakt

  4. Most Postgres databases are behind firewalls, so I presume if we have 120,000 public Postgres servers the real numbers should be in the millions...

  6. It's a pity that Poland gets the top rank in PostgreSQL statistics for insecure servers... :o)

    Just as Hubert wrote, most of those results are from local ISPs.

    1. Well, given the number of Polish users we obviously have, why don't we have PUGs in Poland?
