Ensuring your server is protected 24/7 is of critical importance and a new Apache exploit that uses the server platform as part of a scam to acquire online bank details has reaffirmed the need for security. Dark Reading reports Eset has discovered an Apache attack that adds malware to web pages on a web server, which is able to hide its presence. The malware then convinces the Apache software into infecting a visitor’s PC with the software, which can then be used to steal banking logins and passwords.
Security intelligence program manager for Eset Pierre-Marc Bureau explained the company was worried when it unearthed the vulnerability, which has the potential to be very widespread. “More than half of all web servers on the internet use Apache, so when we discovered a malicious Apache module in the wild last month, being used to inject malicious content into web pages displayed by compromised web servers, we were understandably concerned,” he remarked.

Once infected, it triggers a pop-up message asking a user for his or her banking details, which, if entered, are forwarded on to the creator of the exploit. Mr Bureau explained it is unclear how the vulnerability was initially exploited, adding: “This is a malicious module installed on an otherwise non-malicious server. This implies the controls protecting server access were circumvented or there is an insider involved.”
He speculated that the team behind the attack is “probably a gang specialising in such attacks, then renting ‘traffic’ to other groups”. This is one of many exploits that could negatively affect a business, so having strong security in place is key. CIO.com recently advised small firms to make use of cPanel, a program that simplifies the backup process, so enterprises’ information will still be safe in the event of a database being attacked or failing.
It also suggested using a virtual private network as an extra layer of protection if a firm is making use of sites that are known targets for hackers.

If you’re looking to set up dedicated servers to be used as the base of your data center, you need to be thinking carefully about the software solutions you add to it in order to make your life as easy as possible. For many enterprises, one of the most commonly-used solutions is Oracle’s Java platform, which can be used to create powerful applications for business computing and web servers. However, it seems the popularity of this is being increasingly recognised by criminals.
Most exploited
This is because research conducted by Kaspersky as part of its 2012 Security Bulletin has revealed Java has become the most frequently exploited software by cybercriminals in the past 12 months. This has seen it overtake the previous most vulnerable software, Adobe Reader, which slipped back to second.
In 2011, Adobe Reader was responsible for 35% of all exploit-related incidents, while for Java the figure was 25% and Microsoft Windows 11%. But in 2012, Java jumped to 50%, with Adobe Reader falling to 28%.
Used by criminals
What this might mean for you is that you could be leaving your business open to malware, as exploiting known vulnerabilities in software is one of the most common ways to access networks and place malicious programs on a network. Kaspersky explained: “Cybercriminals exploit applications or software that has unpatched security vulnerabilities, which exist because either the individual or business have failed to patch their vulnerable applications with the latest security updates from vendors.”
Therefore, if you’re using software such as Java, it’s vital to ensure you always have the lastest version and update it with new patches as soon as they become available. If you don’t do this, you’re leaving yourself open to problems that could have a potentially disastrous impact on your business’ network.
Now obviously this isn’t the only thing you need to be taking care of to make sure your operations are safe. For example, it was recently observed by CIO.com that taking steps to keep websites free from vulnerabilities is hugely important to small firms, as they have limited resources available to them and might be especially targeted by criminals because of this.

If you’re a small business looking to run your data center on dedicated servers, your choice of operating system is clearly going to be an important decision.

Small businesses might not be able to justify investing in Windows Server 2012 Standard Edition, but happily, this isn’t the only option if you want to use Microsoft technology as the basis for your data center.

If you’ve got fewer than 25 users of your network, you should look at Windows Server 2012 Essentials. While you don’t get access to features such as Microsoft Hyper-V with this, information website ServerWatch said you should find it does offer all the vital tools to get your firm up and running.

New capabilities

For example, it does offer a number of new capabilities that weren’t present in previous editions of Small Business Server, such as the ability to hook up to Microsoft’s cloud services, like Azure and Office 365.

This could be important for many businesses in the coming years, as news publication Windows IT Pro stated Microsoft’s vision for the future is a ‘cloud OS’ environment where much of a network’s operations are hosted remotely.

Simple management

ServerWatch also noted one of the great things about Windows Server 2012 Essentials is that it comes with an easy to use Dashboard interface that lets an administrator take complete control of all crucial management functions.

This offers an intuitive graphical user interface with point and click controls that can help users find information, view warning messages and perform some of the most commonly-used actions.

It was noted: “The management tools are designed to make it easy for anyone to administer the system with a minimal amount of experience.”

The publication concluded that although the product is more limited than the Standard edition, the access it provides to Microsoft’s cloud offerings makes for a solid product that’s capable of meeting the basic server needs of any small business.

These days, keeping your network activities safe from attacks is vital, as we’re being warned all the time that cyber crime and malware is constantly on the rise. Obviously, having strong anti-malware software in place is a must, but if you’re using Linux-based dedicated servers, there are several things you can do to keep your system  safe. Some of these have been highlighted this week by IT World. The publication noted its tips are intended to apply specifically to servers running Red Hat Enterprise Linux (RHEL) 5, but most of its suggestions can be used on almost any Linux-based distribution, as well as many Unix options.
Keep your software lean
The internet news provider explained the more applications you have installed on a server, the more potential vulnerabilities you open yourself up to. Therefore, for the best protection, it was recommended you restrict the tools you add, maintain what is clearly required and actively keep an eye out for new vulnerabilities.
It added: “The more critical a server, the less tolerance you should have for anything beyond the essential services.”
Encrypt your data
Ensuring any information passed over a network seems obvious, but you’d be surprised how many people are still using protocols that don’t encrypt key details such as passwords.
It was noted it’s not difficult for an individual to download and use tools to monitor this data and capture sensitive information, so it you aren’t taking basic precautions, you’ve only got yourself to blame if you suffer a breach.
Maintain user accounts
IT World added you need to keep a close eye of who has access to your servers. It stressed the importance of deleting or at least disabling unused accounts as quickly as possible – ideally as soon as an individual leaves an organisation or moves to another project.
Related to this, you also need to create and enforce a good password policy. On RHEL, there are inbuilt password complexity controls that will ensure they users do not pick weak passwords for themselves – for example by mandating on minimum length and a mix of character types.
It was noted these are just some of the basic general principles you need to be following, as there as many things you can do to keep your servers secure.