Ensuring your server is protected 24/7 is of critical importance and a new Apache exploit that uses the server platform as part of a scam to acquire online bank details has reaffirmed the need for security. Dark Reading reports Eset has discovered an Apache attack that adds malware to web pages on a web server, which is able to hide its presence. The malware then convinces the Apache software into infecting a visitor’s PC with the software, which can then be used to steal banking logins and passwords.
Security intelligence program manager for Eset Pierre-Marc Bureau explained the company was worried when it unearthed the vulnerability, which has the potential to be very widespread. “More than half of all web servers on the internet use Apache, so when we discovered a malicious Apache module in the wild last month, being used to inject malicious content into web pages displayed by compromised web servers, we were understandably concerned,” he remarked.

Once infected, it triggers a pop-up message asking a user for his or her banking details, which, if entered, are forwarded on to the creator of the exploit. Mr Bureau explained it is unclear how the vulnerability was initially exploited, adding: “This is a malicious module installed on an otherwise non-malicious server. This implies the controls protecting server access were circumvented or there is an insider involved.”
He speculated that the team behind the attack is “probably a gang specialising in such attacks, then renting ‘traffic’ to other groups”. This is one of many exploits that could negatively affect a business, so having strong security in place is key. CIO.com recently advised small firms to make use of cPanel, a program that simplifies the backup process, so enterprises’ information will still be safe in the event of a database being attacked or failing.
It also suggested using a virtual private network as an extra layer of protection if a firm is making use of sites that are known targets for hackers.

If you’re looking to set up dedicated servers to be used as the base of your data center, you need to be thinking carefully about the software solutions you add to it in order to make your life as easy as possible. For many enterprises, one of the most commonly-used solutions is Oracle’s Java platform, which can be used to create powerful applications for business computing and web servers. However, it seems the popularity of this is being increasingly recognised by criminals.
Most exploited
This is because research conducted by Kaspersky as part of its 2012 Security Bulletin has revealed Java has become the most frequently exploited software by cybercriminals in the past 12 months. This has seen it overtake the previous most vulnerable software, Adobe Reader, which slipped back to second.
In 2011, Adobe Reader was responsible for 35% of all exploit-related incidents, while for Java the figure was 25% and Microsoft Windows 11%. But in 2012, Java jumped to 50%, with Adobe Reader falling to 28%.
Used by criminals
What this might mean for you is that you could be leaving your business open to malware, as exploiting known vulnerabilities in software is one of the most common ways to access networks and place malicious programs on a network. Kaspersky explained: “Cybercriminals exploit applications or software that has unpatched security vulnerabilities, which exist because either the individual or business have failed to patch their vulnerable applications with the latest security updates from vendors.”
Therefore, if you’re using software such as Java, it’s vital to ensure you always have the lastest version and update it with new patches as soon as they become available. If you don’t do this, you’re leaving yourself open to problems that could have a potentially disastrous impact on your business’ network.
Now obviously this isn’t the only thing you need to be taking care of to make sure your operations are safe. For example, it was recently observed by CIO.com that taking steps to keep websites free from vulnerabilities is hugely important to small firms, as they have limited resources available to them and might be especially targeted by criminals because of this.

If you’re a small business looking to run your data center on dedicated servers, your choice of operating system is clearly going to be an important decision.

Small businesses might not be able to justify investing in Windows Server 2012 Standard Edition, but happily, this isn’t the only option if you want to use Microsoft technology as the basis for your data center.

If you’ve got fewer than 25 users of your network, you should look at Windows Server 2012 Essentials. While you don’t get access to features such as Microsoft Hyper-V with this, information website ServerWatch said you should find it does offer all the vital tools to get your firm up and running.

New capabilities

For example, it does offer a number of new capabilities that weren’t present in previous editions of Small Business Server, such as the ability to hook up to Microsoft’s cloud services, like Azure and Office 365.

This could be important for many businesses in the coming years, as news publication Windows IT Pro stated Microsoft’s vision for the future is a ‘cloud OS’ environment where much of a network’s operations are hosted remotely.

Simple management

ServerWatch also noted one of the great things about Windows Server 2012 Essentials is that it comes with an easy to use Dashboard interface that lets an administrator take complete control of all crucial management functions.

This offers an intuitive graphical user interface with point and click controls that can help users find information, view warning messages and perform some of the most commonly-used actions.

It was noted: “The management tools are designed to make it easy for anyone to administer the system with a minimal amount of experience.”

The publication concluded that although the product is more limited than the Standard edition, the access it provides to Microsoft’s cloud offerings makes for a solid product that’s capable of meeting the basic server needs of any small business.