Our Very Own Armageddon

With the obvious reliability of GNU/Linux and Apache web-server we have been a bit too relaxed. Unlike those folks running that other OS who get zero-day attacks every few weeks, we have to wait a year or so for something interesting to come along…
“The ongoing attacks, estimated to have infected 20,000 websites in the past few weeks alone, are significant because of their success in targeting Apache, by far the Internet’s most popular Web server software. Once it takes hold, Darkleech injects invisible code into webpages, which in turn surreptitiously opens a connection that exposes visitors to malicious third-party websites, researchers said. Although the attacks have been active since at least August, no one has been able to positively identify the weakness attackers are using to commandeer the Apache-based machines.”
see Exclusive: Ongoing malware attack targeting Apache hijacks 20,000 sites

Fortunately there are millions of Apache sites, so mine might survive until a fix is released. It could be nothing more than weak passwords/keys or a vulnerable web-application. Stay tuned.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology and tagged , , . Bookmark the permalink.

4 Responses to Our Very Own Armageddon

  1. Yonah says:

    I like how he repeats your full name six times. Show me all the blueprints!

  2. oiaohm says:

    George Wilson Linux world does like to track down to who is responsible for the error.

    There are FLOSS audit tools for php and other things.

    George Wilson more details to know who is to blame here. One suspect is cpanel that is a closed source part. George Wilson at this stage it might not even be Apache itself.

    George Wilson FLOSS you get to choose if you go security by belief or security by Audit.

    George Wilson I want for you to tell me how you are using anything more than belief that it secure when you use most closed source products.

    Sorry George Wilson person standing in glass house should not throw stones.

  3. George Wilson says:

    There is a time, ram, when you have to decide who to blame: with Windows you have decided never to blame the users, as in your demented mind it’s always Microsoft’s fault.

    But Apache being a shining beacon in the Linux world … no, there it has to be the users’ fault. Because everything else would taint FLOSS.

    FLOSS — security by belief.

  4. ram says:

    Apache runs on more than Linux servers, so the combination of some other OS and Apache could be a problem. Apache also has tons of mods available, and one or more of them could be a problem.

    On any platform, Apache can be configured in ways that are grossly insecure. That is the most likely problem — unskilled systems administrators.

Leave a Reply