Tuesday, July 03, 2007

MPack Malware Exposes Cheapskate Web Hosts

John Leyden writes on The Register:

Poor configuration of Apache servers allowed multiple websites hosted on the same physical server to become infected in last month's Mpack compromise.

An analysis by security researchers at the SANS Institute's Internet Storm Centre reveals that only one of the websites hosted on a machine needed to contain a vulnerable PHP script to infect all the sites hosted on systems, in cases where Apache permissions were improperly configured. Often the root cause of the problem is when hosting firms skimp on hardware needed to add an extra layer of protective virtualisation.

More here.

0 Comments:

Post a Comment

<< Home