[dba-Tech] The Apache web server is full of holes

Jim Lawrence accessd at shaw.ca
Sun May 5 17:36:39 CDT 2013


According to the article, it does appear that external access was gained
through the web and we still have to look at Apache as a part of the
problem. A web server should never allow unfettered access to the root
operating system no matter what the situation. 

We never know what languages will be run on our web servers as they may be
flaky in the extreme (the first versions of ASP come to mind) but as long
as root access is completely blocked via the web server interface, corrupted
web sites are of a minor nature.

I have never heard of any Web server being blamed for directly or indirectly
allowing access to the hosting server's root. This to my understanding is a
historical first.

Neither Cpanel nor Plesk web management tools have been admitting any
culpability and until their involvement can be proved, one way or the other,
Apache seems to be the logical cause. The few hacks that we have seen so
far may just be the start of things unless the cause can be proven otherwise.

Jim   

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Hans-Christian
Andersen
Sent: Sunday, May 05, 2013 3:05 PM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] The Apache web server is full of holes



I'd just like to point out that, as far as I'm aware, researchers still do
not know if this is a result of a security hole in Apache. As a matter of
fact, that this exploit seems to only affect a relatively small number of
servers and isn't spreading across the entire internet like wildfire
indicates that it is most likely not a security issue with Apache, but with
some other software. It has been suggested that it might be website hosting
/ management applications, like Cpanel and Plesk, that are the true culprit.

What is interesting however, from the point of view of Apache, is simply
that it appears the authors of this exploit / malware seem to have put a lot
of thought into making their malware hide its traces so that the server
admins or website owners aren't able to tell that they've been affected.

But, like I said, it's unlikely that these hacks are a result of some
security hole in Apache.

- Hans


On 2013-05-05, at 2:47 PM, "Jim Lawrence" <accessd at shaw.ca> wrote:

> All leading software packages are searched for vulnerabilities and as always
> they are eventually found. Apache's impact into the web server market is
> huge with more than half of all web sites using this back-end.
> 
> Many holes have now been discovered and whether the Apache package should be
> used for major sites is in debate. Maybe it is time to move to Nginx and
> wait until the holes can all be properly plugged.
> 
> With packages such as the Blackhole exploit kit, available to any
> script-kiddies,
> (http://nakedsecurity.sophos.com/2012/03/29/exploring-the-blackhole-exploit-kit/)
> it will be a while before Apache is safe to use again.
> 
> Here is an interesting article on the current
> http://blog.sucuri.net/2013/04/apache-web-server-attacks-continue-to-evolve.html
> 
> Jim  
> 
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com

