Many may have already heard of Apache Killer, which came out a couple of days ago. The underlying vulnerability was actually disclosed by a Google coder back in 2007, but just this week Kingcope released a Perl script that can take down any Apache website in seconds.
It is a very simple Perl script that can be run from any remote machine: the attacker need only plug your web server's IP into the script, and it's sudden death!
It gets worse: many routers do not run Apache as their web server, but they DO run lighttpd (such as pfSense!!!), which just happens to share the same vulnerable module that Apache runs. So you had better not have your management interface open to the public.
What can you do? Apache is due to release a patch shortly, within 96 hours as stated HERE, which will most likely require a source compile, or you can wait further for pre-compiled packages for your platform.
Another, rather pathetic, alternative is to employ mod_security, which causes the web server process to fork into several unique processes, so if you get attacked it will only kill the process serving that user. Typically Apache runs 8 or more unique processes (your config may vary), which is helpful, but eventually they can still kill you. Here is a guide on setting up mod_security if you don't already have it.
Saturday, August 27, 2011