Server Security

Server security is an ongoing battle with hackers, who look to exploit weaknesses in code before its authors can patch them. These weaknesses usually come to light only after a hack has taken place, and they usually involve recent code. In this case, however, the vulnerability was found in code that has been around for a very long time, and it was found not by a hacker but by coders at a legitimate company.

The fifteen-year-old weakness in the security of web servers was identified by New Zealand point-of-sale company Vend.

The vulnerability was reported by iTnews and can permit hackers to conduct Denial of Service attacks from infected machines. These attacks are designed to overload and disable targeted services and servers: large amounts of traffic are sent from infected servers to the server the attackers are trying to take down.

The most vulnerable machines are those using Linux-based operating systems, although Windows servers running PHP or similar software are also vulnerable.

Fluccs security engineers audited our entire fleet of servers yesterday, and all but one server was found to be already secure. The vulnerable server was patched immediately.

Links

For more information and instructions on how to secure servers, see the following links:

httpoxy

Red Hat

Apache