Security News > 2023 > September > Censys Reveals Open Directories Share More Than 2,000 TB of Unprotected Data

According to new research from Censys, an internet intelligence platform, more than 2,000 TB of unprotected data, including full databases and documents, are currently accessible in open directories around the world.

Figure A. Open directories can be found via Google Dorks, which are queries that can be used on the Google search engine to find specific content, such as open directories.

Why don't search engines prohibit people from seeing those open directories? Censys researchers told TechRepublic that "While this may initially sound like a reasonable approach, it's a bandage on the underlying issue of open directories being exposed on the internet in the first place. Just because a search engine doesn't display the results doesn't mean nefarious actors wouldn't be able to find them, but it could make it harder for defenders to easily find and remediate these instances. This also assumes that all open directories are 'bad.' While many of them are likely unintentionally exposed, it doesn't mean they all are."

Figure C. For the hosting category, the biggest number of exposed open directories is located at UnifiedLayer-AS-1, with more than 14,000 unique hosts containing open directories.

Censys categorized the files stored in these open directories based on the file extensions.

We asked Censys researchers if it is possible cybercriminals would create such open directories to infect visitors with malware, they answered, "It's possible, but there are far more effective malware delivery mechanisms than hoping someone will browse to an open directory and download a file. In cases where malware is hosted in open directories, it's more likely that the files are remotely downloaded to another host by a threat actor once they gain access to said other host."

News URL

https://www.techrepublic.com/article/censys-research-open-directories/