ISP World

Site Attack Highlights Need for Web Security Precautions

By Arik Hesseldahl

Internet security is most often [...] private information on Net-connected networks. But an apparent hack attack against a Utah Web hosting provider last month resulted in the deletion of hundreds of sites, and security experts said the event underscores the need for [...]. The deleted sites were innocent bystanders in a battle between hacking factions for control of the business' servers, a struggle that brought down as many as 700 separate sites.

Nick Wood, one of ProHosting's owners, confirmed the attack and said the security hole that led to the hack had been fixed. He said he was not sure whether the company will press charges against the suspected culprits.

ProHosting's servers were attacked by an unorganized group of hackers targeting a page belonging to Milw0rm, another notorious hacker gang, said John Vranesevich, founder of hacker information site AntiOnline.

Vranesevich said the hackers exploited a security hole in Eudora's Qpopper, a freeware POP3 e-mail server for Unix. The flaw allows someone with the right knowledge to take control of the server remotely. The problem exists in Qpopper version 2.41 and earlier, and Eudora has since fixed it with the release of version 2.5.

Shawn Hernan, a security expert with the Computer Emergency Response Team (CERT), a government-funded security clearinghouse located at Carnegie Mellon University, said the problem stemmed from the static size of the server program's memory buffer.

"An intruder could send a carefully crafted message to the POP server and insert code that would then be executed by that server" to gain root access on the server, the highest level of administrative access, Hernan said.

CERT issued an advisory on the Qpopper exploit shortly after the July attack on ProHosting. The problem was also discussed on the Bugtraq mailing list, which covers Unix security topics. Experts suggest—in addition to keeping up to date on the latest software security bugs through CERT or Bugtraq alerts—taking other basic precautions to guard against attacks [see box, below].

CERT's Hernan advises companies shopping around for a hosting service to ask serious questions about the host's security measures and whether they stay up to date on the latest security issues.

"If you're putting your business in the hands of another company, you need to know what their procedures and processes are, and what risks you're willing to tolerate," Hernan said. "Our experience is that those that practice [...]"

Web Server Security Tips

1. Never run default configurations. Always disable all server configurations and then re-enable only what you need.
2. Less is more. When possible, Web servers should run only Web server software and not be loaded with mail servers or other software.
3. Stay up to date. Make sure you're running the latest versions of both server software and operating systems.
4. Control your numbers. Limit who has physical access to Web servers.
5. Use CGI scripts carefully. Many security problems arise when input entered into CGI scripts is not filtered properly before being passed on to another program.

Resources

Computer Emergency Response Team: www.cert.org
ProHosting Virtual Web Hosting: www.prohosting.com
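The flaw Hernan describes, a static-size buffer that a crafted POP message overruns, is the classic stack overflow. The following is an added example written for this page, not Qpopper's or ProHosting's code: a minimal POP3 USER handler in its vulnerable form (unbounded copy into a fixed local buffer) beside a bounded form that rejects the same over-long line. Buffer sizes, function names and the sample command lines are assumptions for illustration; the 40-character argument limit is the one RFC 1939 states for POP3 commands.

```c
/* Added example (not Qpopper's code): fixed-size POP3 command buffer,
 * vulnerable and hardened. Sizes and names are assumed for illustration. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define POP_LINE_MAX 512   /* assumed receive-buffer size */
#define POP_ARG_MAX  40    /* RFC 1939 section 3: arguments up to 40 chars */

/* Vulnerable pattern: the argument is copied into a fixed-size local
 * buffer with no length check. An argument longer than 63 bytes writes
 * past 'user' into the saved frame pointer and return address, and a
 * carefully chosen argument can redirect execution into attacker-supplied
 * bytes. A client can send USER before authenticating, so when the daemon
 * runs as root this is remote root. Only call with short, trusted input. */
int handle_user_unsafe(const char *arg)
{
    char user[64];
    strcpy(user, arg);               /* unbounded copy: the bug */
    return (int)strlen(user);        /* stand-in for the real lookup */
}

/* Hardened: the length is checked against the destination and the RFC
 * limit before any byte is copied, and only printable ASCII without spaces
 * is accepted, so an over-long or binary payload is refused, not copied. */
int handle_user_safe(const char *arg, char *out, size_t outsz)
{
    size_t n = strlen(arg);
    if (n == 0 || n > POP_ARG_MAX || n >= outsz)
        return -1;                   /* -ERR argument too long */
    for (size_t i = 0; i < n; i++)
        if (!isprint((unsigned char)arg[i]) || arg[i] == ' ')
            return -1;               /* -ERR bad character */
    memcpy(out, arg, n);
    out[n] = '\0';
    return 0;
}

/* Parse one received line ("USER alice\r\n") and dispatch it. Returns 0
 * for +OK, -1 for -ERR. The whole line is bounded as well: no CRLF within
 * POP_LINE_MAX bytes is treated as an attack, not as data. */
int pop_dispatch(const char *line, char *user, size_t usz)
{
    size_t len = strnlen(line, POP_LINE_MAX);
    if (len == POP_LINE_MAX)
        return -1;                   /* no terminator within bound: drop */
    char buf[POP_LINE_MAX];
    memcpy(buf, line, len + 1);
    char *p = strpbrk(buf, "\r\n");
    if (p) *p = '\0';
    if (strncasecmp(buf, "USER ", 5) == 0)
        return handle_user_safe(buf + 5, user, usz);
    return -1;                       /* unknown command */
}

int main(void)
{
    char user[64];
    /* Constructed inputs: a normal login and an over-long "payload". */
    const char *ok = "USER alice\r\n";
    char evil[300];
    memset(evil, 'A', sizeof evil);  /* 294 'A's after the keyword */
    memcpy(evil, "USER ", 5);
    evil[sizeof evil - 1] = '\0';
    printf("USER alice -> %d\n", pop_dispatch(ok, user, sizeof user));
    printf("long USER  -> %d\n", pop_dispatch(evil, user, sizeof user));
    /* handle_user_unsafe(evil + 5) would smash the stack; not called. */
    return 0;
}
```

The point of the bounded version is that the length check happens before the copy and is measured against the destination, not against what the sender claims. Passing the long line to `handle_user_unsafe` is exactly the "carefully crafted message" of the article.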
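Tip 5 in the box, unfiltered CGI input handed to another program, is worth seeing concretely. The following is an added example written for this page, not code from the article or from ProHosting: a CGI handler that mails a form field to a support address, first in the usual unsafe shape (the field interpolated into a shell command string) and then validated against an allowlist and passed to execv() as its own argument so no shell parses it. The mail path, the narrow address policy and the sample inputs are assumptions for illustration.

```c
/* Added example (not from the article): CGI form input passed on to
 * another program, unsafe and hardened. Paths and policy are assumed. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unsafe: the form field becomes part of a shell command line, so an
 * address of "alice@example.com; rm -rf /" runs the second command as
 * the Web server user. Returns 0 and the command that system() would
 * get, -1 if it does not fit. */
int build_mail_cmd_unsafe(const char *addr, char *cmd, size_t n)
{
    int w = snprintf(cmd, n, "/usr/bin/mail -s 'support request' %s", addr);
    return (w >= 0 && (size_t)w < n) ? 0 : -1;
}

/* Allowlist for this (deliberately narrow) policy: alphanumerics plus
 * . - _ + and exactly one '@' with text on both sides; the first
 * character must be alphanumeric so the value can never look like an
 * option. Everything else, including ';' and whitespace, is rejected. */
int is_safe_address(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 254 || !isalnum((unsigned char)s[0]))
        return 0;
    int at = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (isalnum(c) || c == '.' || c == '-' || c == '_' || c == '+')
            continue;
        if (c == '@' && !at && i > 0 && i < n - 1) { at = 1; continue; }
        return 0;
    }
    return at;
}

/* Hardened: validate first, then hand the address to the mailer as a
 * separate argv element via execv(), so there is no shell to inject
 * into. Returns -1 without running anything when validation fails,
 * otherwise the mailer's exit status. */
int send_mail_safe(const char *addr)
{
    if (!is_safe_address(addr))
        return -1;
    char *const argv[] = { "/usr/bin/mail", "-s", "support request",
                           (char *)addr, NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                  /* exec failed */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0)
        return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    /* Constructed inputs: a legitimate address and an injection attempt. */
    const char *good = "alice@example.com";
    const char *bad  = "alice@example.com; rm -rf /";
    char cmd[256];
    build_mail_cmd_unsafe(bad, cmd, sizeof cmd);
    printf("unsafe command: %s\n", cmd);
    printf("%s -> %s\n", good, is_safe_address(good) ? "accepted" : "rejected");
    printf("%s -> %s\n", bad, is_safe_address(bad) ? "accepted" : "rejected");
    printf("send_mail_safe(bad) = %d\n", send_mail_safe(bad));
    return 0;
}
```

Two separate controls are at work: the allowlist refuses anything outside the expected shape, and execv() with an argv array means that even a value that slipped past the filter is only ever an argument, never a command.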
