When you're done with a Salesforce Site or Community (aka Experience Cloud), it's important to properly deactivate and abandon it. Leaving these resources unmonitored and unprotected could pose severe risks to your organization, leading to unauthorized access to sensitive data. Data security firm Varonis has dubbed these abandoned, unprotected, and unmonitored resources "ghost sites."

"When these Communities are no longer needed, though, they are often set aside but not deactivated," Varonis Threat Labs researchers said in a new report shared with The Hacker News. "Because these unused sites are not maintained, they aren't tested against vulnerabilities, and Admins fail to update the site's security measures according to newer guidelines."

Varonis said it found many of these deactivated (but still active) sites still fetching new data, thereby allowing threat actors to extract data by manipulating the host header in the HTTP request. Identifying the complete internal URLs associated with the sites is challenging but not impossible, as an adversary could leverage tools like SecurityTrails that track changes to DNS records.

Compounding the risk further is the fact that the obsolete sites lack the latest security protections, making them an ideal target for threat actors looking to siphon sensitive information.

To protect your organization, it's important to properly deactivate and abandon Salesforce Sites and Communities when you're done with them. Don't leave these resources unmonitored and unprotected - it could have serious consequences for your organization.