[LINK] Mass Infection of IIS/ASP Sites plants malware on thousands of webpages

Rick Welykochy rick at praxis.com.au
Thu Jun 10 17:15:46 AEST 2010


Kim Holburn wrote:

> Most websites run Linux or BSD or some variant of *nix.  Perhaps when
> Microsoft has a larger share of the website market its webserver
> software will somehow be more secure.

Hrmmm ... that logic does not apply to desktop systems, where Microsoft
owns probably 85% share of the market.

For a while, whenever I received a phishing email I used to check what
kind of web server was used for the exploit. Every time, it was an Apache
web server running on Linux, and more times than not with (insecure) PHP
installed. There are many vectors of intrusion into *nix boxes, often via
software frameworks installed on top of the web server, e.g. WordPress
on Apache as but one example. If you are on the security notification
lists you will know what I am talking about.

Conclusion: unless you or your admin is wary and knows what they are
doing, your server can probably be hacked with ease.


cheers
rickw


-- 
_________________________________
Rick Welykochy || Praxis Services

No position is so absurd that a philosopher cannot be found
to argue for it.   -- Michael Lockwood


