what is a auth_user_file.txt?

I assume that those crawlers are looking for auth_user_file.txt because its name is probably given in some tutorial for Apache’s mod_authn_file module; when an admin makes the mistake of putting the file in the webserver’s DOCROOT, then it is free for downloading by anyone who asks.

Once an attacker downloads the file, they can brute-force the password hashes, and gain access to the server’s resources using the broken password and stolen username. (Or, maybe they’ll just guess passwords based on the list of known good usernames; people have a habit of picking password and abc123…)

Leave a Comment