[ news_security_news ]
Apache Neglect Leads To Problems
David Utter
Staff Writer
2007-07-27
 Insider Reports RSS Feed
It's difficult to imagine a responsible webmaster leaving the core server software unpatched when fixes for exploits emerge, but that seems to be happening on a number of legitimate websites.
Over half of the web servers hosting malware in the world run Apache. Since Apache has long been touted as being superior to Microsoft's Internet Information Server as a much more secure product, observers may wonder why Apache sites would be hosting malicious products.
Security firm Sophos said system administrators who don't update Apache are to blame.
"With a whopping 80 percent of all infected webpages found on legitimate sites, it begs the question as to why web hosts are not taking the necessary steps to properly secure their servers," said Graham Cluley, senior technology consultant at Sophos.
"Just using Apache on your web server doesn't mean you are now bullet-proof from hackers trying to plant malicious code on your site. It will be a wake-up call for some to see that malware is not just a Microsoft problem."
Sophos found 51 percent of server types affected by web threats in the first six months of 2007 were running Apache. Infections aren't limited to Windows platforms, and admins shouldn't think otherwise.
"Earlier this year, during a global ObfJS attack, in which legitimate sites were compromised so that they could serve up a malicious code, 98 percent of affected servers were running Apache - many of which were hosted on UNIX rather than Windows platforms," said Cluley.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
