Possible database backup
Description
One or more files that appear to be database backups have been identified on the web server. Database backups typically contain SQL dump files with complete table structures, data records, and potentially sensitive configuration information. These files are commonly created for disaster recovery purposes and may include usernames, password hashes, personal information, business data, and system configurations. Database backups should never be accessible via web servers as they represent a complete snapshot of application data at a specific point in time.
Remediation
Take immediate action to remove database backup files from web-accessible directories. Follow these steps:
1. Immediate Remediation: Delete or move all database backup files from the web root and any publicly accessible directories to a secure location outside the web server's document root.
2. Access Control: If backups must remain on the server temporarily, restrict access using web server configuration. For Apache, use:
    <FilesMatch "\.(sql|dump|bak|backup)$">
        Require all denied
    </FilesMatch>

For Nginx:

    location ~* \.(sql|dump|bak|backup)$ {
        deny all;
        return 404;
    }

3. Secure Storage: Store database backups in dedicated backup systems or secure storage locations with appropriate access controls, encryption at rest, and audit logging enabled.
4. Automated Cleanup: Implement automated processes to ensure backup files are never created in web-accessible locations and are automatically transferred to secure storage.
5. Security Audit: Review your backup procedures and file naming conventions to prevent future exposure. Scan for similar files using patterns like *.sql, *.dump, *.bak, and database names.
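One way to run the scan from step 5 on the server itself, as an added example that is not part of the original advisory. The extensions mirror the deny rules above; the function names, the `DOCROOT` variable, and the content heuristic (dump statements in the first 200 lines) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit a document root for files that look like database backups.
# Assumes find supports -iname (GNU and BSD find do) and that file names
# contain no newlines.

# find_backup_candidates DIR
# Prints every regular file under DIR whose name ends in .sql, .dump, .bak
# or .backup (case-insensitive), one path per line, sorted.
find_backup_candidates() {
    find "$1" -type f \( -iname '*.sql' -o -iname '*.dump' \
        -o -iname '*.bak' -o -iname '*.backup' \) -print | sort
}

# looks_like_sql_dump FILE
# Returns 0 when the first 200 lines contain statements typical of an SQL dump.
# Heuristic only: a match raises priority, a miss does not clear the file.
looks_like_sql_dump() {
    head -n 200 "$1" | grep -Eiq '^(CREATE TABLE|INSERT INTO|DROP TABLE)'
}

# audit_docroot DIR
# Prints "SQL-DUMP <path>" for name matches that also contain dump statements,
# and "NAME-ONLY <path>" for the rest, so the worst exposures can be handled first.
audit_docroot() {
    find_backup_candidates "$1" | while IFS= read -r f; do
        if looks_like_sql_dump "$f"; then
            printf 'SQL-DUMP %s\n' "$f"
        else
            printf 'NAME-ONLY %s\n' "$f"
        fi
    done
}

# Run as: DOCROOT=/path/to/document/root sh audit.sh
if [ -n "${DOCROOT:-}" ]; then
    audit_docroot "$DOCROOT"
fi
```

Every path reported should be moved out of the document root as described in step 1; an empty report only covers the four extensions listed, not backups saved under other names.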