For any websites running off of Apache (which is quite a bit), you can help protect yourself from attacks by just disabling one simple thing: dynamic loading.  It looks like this feature has enabled hackers to attack websites in the U.S, U.K and India… thousands of them (them being websites).  This will probably be a very important feature for webmasters to know about since more and more websites appear on the web everyday running on Apache.  Let’s just hope this information will reach those webmasters…

Security vendor SecureWorks reported this week that the mass attack launched against Apache web servers running on the open-source Linux operating system can be thwarted by disabling dynamic loading in the Apache configuration.

The attack, originally thought to have impacted several hundred websites, actually has infected about 10,000 websites, including some in the United States but mostly in the United Kingdom and India, according to SecureWorks.

 

The compromised websites, mostly hobby and travel sites without security administrators to keep them updated, can infect their visitors with malicious JavaScript code that can steal a variety of personal information, including bank user names and passwords, Social Security and credit card numbers and online payment accounts, according to SecureWorks.[more]

Tags: Computer Protection