[LINK] Storm Worm Botnet More Powerful Than Top Supercomputers

Rick Welykochy rick at praxis.com.au
Tue Sep 11 13:26:37 AEST 2007


Adrian Chadd wrote:

>> No spam - reduced traffic costs - bring it on.
> 
> Ah, the view of an ISP. :)
> 
> I'm sure the next phase of spammers would then be owned VMs and colo servers
> running phpbb. God knows how many of those are out there.

Synchronicity! I just posted another thread regarding phishing and
asked why all the phishing servers I checked (sample size 15) are
running Apache and Linux.

BINGO! I believe that the many, many corruptible PHP apps out there
are the reason. I am running a server in Montreal using VMs, and the
attacks reported by our IDS are enlightening to say the least. Top
of the list are PHP attacks on our Apache (we DO NOT run PHP!), as
well as brute force attacks on sshd. And lots of Microsoft SQL
and other services attacks.

But PHP has got to be the big winner. And, I posit, the vector used by
phishers to get the server-side of their job done.

Ironic, isn't it, that PHP is the language of choice for millions of
amateur web designers. By its own ubiquity and many, many failings
PHP is responsible for a lot of server damage on the 'Net.


cheers
rickw


-- 
_________________________________
Rick Welykochy || Praxis Services


I won't bother trying to set anyone straight as to my rather complex feelings
about Microsoft, but I must admit that I do hate Windows because it has so
shamefully lowered our expectations of what quality software should be.
      -- Nicholas Petreley, Infoworld, 4-Feb-2000


