Sat 19 Jul 2008
Search
RSS Feed

RSS Feed

Edited by Paul Hales

Published by Incisive Media Investments Ltd.

Terms and Conditions of use.

To advertise in Europe e-mail here

To advertise in Asia email here.

To advertise in North America email here.

Join the INQbot Mail List for a weekly guide to our news stories:

Subscribe

Apache sites scalped by hack

10,000 sites infected

By Nick Farrell: Tuesday, 22 January 2008, 9:12 AM

INSECURITY experts believe that more than 10,000 sites running the Linux based Apache software may be hacked and trying to control visitors' computers.

Don Jackson, from Secureworks said that the hackers probably used stolen log-in details to gain access and then infected the Apache servers with a pair of files that generate constantly-changing JavaScript.

If a punter visits the hacked site they get walloped with nine exploits including a recent QuickTime vulnerability, the long-running Windows MDAC bug, and a fixed flaw in Yahoo Messenger.

Once a hole is opened, the victim receives a nice shiny new variant of the Trojan Rbot and are added to a botnet.

When the systems administrators, who owned the Apache boxes, were notified and reinstalled the software, the hack came back, apparently.

This lead Jackson to believe that it was a direct hack to the Linux server and not based on a vulnerability. He thinks that the only way the hacks will stop is when the Administrators change all the passwords and not just the FTP and Cpanel passwords.

More here. µ

Comments

Duh!

Gimme your password of the Inq, lets see how fast we can hack it and your Internet Exploder users....

And this is called hacking? Duh!
posted by : Bas, 22 January 2008

Exactly: Duh!

Okay,

1. Some sniffer or greatly (maybe not even?) influential "hacker?" uses a little social engineering to nix your creds.

2. Sniffer "hacker?" uses those creds to bump in as a root like user and does his/her dance all over you Apache box.

3. Site admins notice this and re-do everything and the problem still persists.

4. Repeat step 2-3 for every Apache server admin that got "hacked?" and never changed their creds.

Are peeps seriously that short on the stick of knowledge to not change your password after you've been smacked once (your own fault in the 1st place)? Honestly its such a simple concept a child knows how to do it... some one figures out the combination to you lock on your school locker, what do you do? stand there and watch them punters continuously dive into your locker or get the thing changed, but your web developer/professional(s) right?

Def(s): "hacker?" "hacked?" What part of this is hacking, honestly I do not consider social engineering "hacking" (well maybe brain hacking), neither are script kitty's.

What about Internet Exploder Bas? so does anyone know how to adjust security settings, or are we just click and go... bsd.
posted by : P!NG, 22 January 2008

Not just for Linux

Linux based? Come on, Nick, you can do better than that! Apache is certainly associated with Linux, but it has run on Windows for years. I think you meant "open source".
posted by : Tom Welsh, 23 January 2008

lol

This has nothing to do with open source -.-

Some guy went "hi gime ur pasword pl0x" and the admin went "lul kay her iut is!", and the guy used it to login and muck stuff up..
posted by : lol, 05 February 2008
IThound
Search for solutions, reports & analysis

Newsletter signup