An IT firm has found a serious security flaw in the Apache web server’s mod_isapi module. This flaw could allow a remote attacker to gain complete control of a database. All users of Apache 2.2.14 on Microsoft Windows servers should upgrade to version 2.2.15.
If you are hosting with Hen’s Teeth Network, your site is not affected by this issue.
Several of our clients had the unfortunate “opportunity” this week to clean up the mess after their web sites were hacked. An “iframe” had been inserted into several pages which caused people viewing these web sites to also – invisibly – download malicious JavaScript programming from servers in places such as China and Russia. I have listened as people vented fury at the cost, inconvenience, and sense of violation almost akin to a physical assault. I share those feelings, believe me!
The rest of this posting gives a bit of background on the hack and some “best practices” for keeping your web site safe from attacks including this one. (more…)
