Apache attack drives traffic to malware

A security researcher is warning that an attack on the Apache Web server is increasingly showing up in the wild, and has published a free Python tool that administrators can use to check their configurations. The attack is designed to avoid leaving disk footprints, according to this post analysing the backdoor. It exists as a modified httpd file that …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

As vague as the last post on this subject....

.... This really tells us nothing, just like the last post about this, which was equally vague.

No-one has explained anywhere how this "malware" gets onto my server in the first place. Apache config can only be updated by root. Apache services can only be restarted by root. Apache does not run as root....

4
0
Boffin

Re: As vague as the last post on this subject....

It's a cPanel vulnerability. It has nothing whatsoever to do with Apache other than this particular virus replaces the Apache daemon with its own version after it has exploited the vulnerability.

7
0
Silver badge

Re: As vague as the last post on this subject....

Thank you. That explains it.

0
0
WTF?

Re: As vague as the last post on this subject....

Totally agree with the criticism of the article, very poor. The Register could do us all a service by rewriting it to explain things properly.

3
0
Anonymous Coward

Re: As vague as the last post on this subject....

I found the article on Ars (http://arstechnica.com/security/2013/04/admin-beware-attack-hitting-apache-websites-is-invisible-to-the-naked-eye/) a bit more informative. The comments are also a good read.

cPanel has been a thorn in the side for years, but it is (somewhat) useful.

We've been hit by Plesk vulnerabilities before; right now the pros still outweigh the cons. But I'm open for suggestions by anyone to replace it with something less prone to attacks.

0
0
Anonymous Coward

Re: As vague as the last post on this subject....

So not only is it vague, it's also extremely misleading...

I remember when The Register had some technical credibility to it......

0
0
Black Helicopters

Backdoor on cPanel based servers

As advertised e.g. at the German online IT publication www.heise.de, this attack is based on cPanel installations running on top of Apache webservers, referring to the original discovery made by Sucuri:

http://blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html

A detailed study of the mechanisms of the backdoor can be found at:

http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/

2
0
Silver badge
Facepalm

Re: Backdoor on cPanel based servers

People run cPanel under the same owner as the httpd file ???

1
0