They’re Scanning for Your Backup Files

Just a reminder to keep your backup files offline. Do not store them in any publicly accessible space. It’s just not worth the risk man. And if you’re working online, you should know this already. If not, then continue reading to learn why it’s absolutely mission critical.

Game over

If someone finds a backup database file on your server, it’s game over. Any sensitive information stored in the database — like usernames, passwords, financial information, and so forth — can be harvested by thieves and used to make your life miserable. In short:

NEVER store your database/backup files in any public directory.

For years I’ve been seeing endless requests for backup database files. The scammers and thieves must be starving to death because there seems to be an increase in the following types of malicious requests (note that these are all from the same server scan):

If that’s not desperation, I don’t know what is.

Save your resources

So the grease bags are scanning for a wide variety of backup files, including requests for just about every combination of commonly used file names and types. Harvesting the previous set of URI requests, we get the following list of extensions:

.com, .sql, .gz, .bak, .zip, .php, .php~, .old, .rar, .tar, .tgz, .bz2, .7z, .txt

Most sites make use of some of these types, such as .php, .zip, and .txt, but many others such as .bak, .com, and .old generally serve no purpose in the public realm. This suggests that you could save some bandwidth and resources by blocking some of these requests outright. For example, you could add the following slice of .htaccess:

RedirectMatch 403 \.(com|sql|bak|php~|old|rar|tar|tgz|bz2|7z)$

Of course, that’s just an example; you would want to further trim the list of file types based on the actual resources available at your site. But the example should give you an idea of how to throttle some of the waste associated with endless scans for backup files.
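As an added example (not code from the post or from the 6G Firewall), here is a small shell audit that does the two checks a server admin would want alongside that .htaccess rule: list any files under a document root that carry one of the harvested backup extensions, and count how many requests in an Apache combined-format access log are asking for such files. The extension list is the one from the post minus .php and .txt; the demo docroot and log lines are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the post or the 6G project: audit a web root for
# stray backup files and tally backup-file scans in an Apache access log.
# Extension list harvested in the post; .php and .txt left out because the
# post treats them as legitimately public. Trim to what your site serves.
EXTS='com|sql|gz|bak|zip|php~|old|rar|tar|tgz|bz2|7z'

# List every file under $1 whose name ends in one of the backup extensions.
find_backup_files() {
    find "$1" -type f | grep -E "\.($EXTS)\$"
}

# Count requests in an Apache combined-format log ($1) whose path ends in
# one of the extensions. Field 7 of that format is the request path.
# Prints 0 (instead of failing) when nothing matches.
count_backup_scans() {
    awk '{ print $7 }' "$1" | grep -Ec "\.($EXTS)\$" || true
}

# Constructed demo: a fake docroot with one stray database dump, plus a
# constructed access log with three backup-scan requests and two normal hits.
make_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/html/wp-content"
    : > "$d/html/index.php"
    : > "$d/html/wp-content/db-backup.sql.gz"   # exactly what scanners hope to find
    cat > "$d/access.log" <<'EOF'
203.0.113.5 - - [10/Oct/2023:10:00:00 +0000] "GET /backup.sql HTTP/1.1" 404 196 "-" "-"
203.0.113.5 - - [10/Oct/2023:10:00:01 +0000] "GET /index.php~ HTTP/1.1" 404 196 "-" "-"
203.0.113.5 - - [10/Oct/2023:10:00:02 +0000] "GET /site.tar.gz HTTP/1.1" 404 196 "-" "-"
198.51.100.7 - - [10/Oct/2023:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [10/Oct/2023:10:00:04 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "-"
EOF
    echo "$d"
}

main() {
    demo=$(make_demo)
    echo "Stray backup files under $demo/html:"
    find_backup_files "$demo/html"
    echo "Backup-scan requests in log: $(count_backup_scans "$demo/access.log")"
    rm -rf "$demo"
}
main
```

Run `find_backup_files` against your real document root; any hit is a file that the scans above would eventually find, so move it offline rather than relying on the 403 rule.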

Honestly, the backup scans are just ridiculous. And the saddest thing is that there must be enough people leaving their backup files online for these sorts of scans to be worthwhile. Really scary if you think about it.

Use a Firewall

Also FYI, my 6G Firewall includes some built-in protection against many types of backup scans. Specifically, requests for any of the following file types are blocked cold:

.bak, .out, .sql, .tar, .rar

So if you’re running 6G and get hit with a malicious scan for backup/database files, you’re protected automatically against a huge number of wasteful requests. And if .htaccess isn’t possible, my firewall plugin is dead easy to customize, so you can block whichever of these file extensions make sense for your site.

About blocking the more commonly used file types, such as .php and .zip, well, that’s up to you. But one thing that is absolutely critical regardless of whether you’re blocking these sorts of specific requests or not: NEVER store your database/backup files in any public directory. Otherwise it’s game over folks.