ISP World

Site Attack Highlights Need for Web Security Precautions

By Arik Hesseldahl

INTERNET SECURITY is most often [...]ing private information on Net-connected networks. But an apparent hack attack against a Utah Web hosting provider last month resulted in the deletion of hundreds of sites, and security experts said the event underscores the need for [...]

[...] innocent bystanders in a battle between hacking factions for control of the business' servers, a struggle that brought down as many as 700 separate sites. Nick Wood, one of ProHosting's owners, confirmed the attack and said the security hole that led to the hack had been fixed. He said he was not sure whether the company will press charges against the suspected culprits.
ProHosting's servers were attacked by an unorganized group of hackers targeting a page belonging to Milworm, another notorious hacker gang, said John Vranesevich, founder of hacker information site AntiOnline.

Vranesevich said the hackers exploited a security hole in Eudora's Qpopper, a freeware POP3 e-mail server for Unix. The flaw allows someone with the right knowledge to take control of the server remotely. The problem exists in Qpopper version 2.41 and earlier, and Eudora has since fixed it with the release of version 2.5.

Shawn Hernan, a security expert with the Computer Emergency Response Team (CERT), a government-funded security clearinghouse located at Carnegie Mellon University, said the problem stemmed from the static size of the server program's memory buffer. "An intruder could send a carefully crafted message to the POP server and insert code that would then be executed by that server" to gain root access on the server, the highest level of administrative access, Hernan said.

Web Server Security Tips

1. Never run default configurations. Always disable all server configurations and then re-enable only what you need.
2. Less is more. When possible, Web servers should run only Web server software and not be loaded with mail servers or other software.
3. Stay up to date. Make sure you're running the latest versions of both server software and operating systems.
4. Control your numbers. Limit who has physical access to Web servers.
5. Use CGI scripts carefully. Many security problems arise when input entered into CGIs is not filtered properly before being passed on to another program.
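The two failure modes named above, the fixed-size buffer that Hernan describes being filled with no length check and tip 5's unfiltered CGI input handed to another program, shown in working C as an added illustration. This is not Qpopper's, ProHosting's or the article's own code; the buffer sizes, function names and the allow-list rules are assumptions chosen for the example.

```c
/* Added example (not Qpopper's, ProHosting's or the article's code). Sizes,
 * names and the allow-list are assumptions chosen for illustration. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_MAX_LEN  128  /* hypothetical fixed buffer for one POP3 command line */
#define VERB_MAX_LEN  8
#define ARG_MAX_LEN   64
#define PARAM_MAX_LEN 32   /* hypothetical cap on a CGI parameter value */

struct pop_cmd {
    char verb[VERB_MAX_LEN + 1];
    char arg[ARG_MAX_LEN + 1];
};

/* The pattern Hernan describes: a buffer of static size filled with no length
 * check. A line longer than LINE_MAX_LEN - 1 bytes writes past the end of buf,
 * over whatever the compiler placed after it. Kept only for contrast; it is
 * never called in this program. */
size_t unsafe_copy(const char *line) {
    char buf[LINE_MAX_LEN];
    strcpy(buf, line);            /* BUG: no bound on the copy */
    return strlen(buf);
}

/* Hardened parse of one POP3 command line: check the length before anything
 * touches a fixed buffer, accept only printable ASCII, bound the verb and the
 * argument separately, and always NUL-terminate.
 * Returns 0 on success or a negative code naming the check that failed. */
int safe_parse(const char *line, size_t len, struct pop_cmd *out) {
    if (len == 0 || len > LINE_MAX_LEN) return -1;       /* reject, do not truncate */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n')) len--;
    for (size_t i = 0; i < len; i++)
        if (!isprint((unsigned char)line[i])) return -2; /* no control bytes */
    size_t v = 0;
    while (v < len && line[v] != ' ') v++;               /* verb ends at first space */
    if (v == 0 || v > VERB_MAX_LEN) return -3;
    for (size_t i = 0; i < v; i++)
        out->verb[i] = (char)toupper((unsigned char)line[i]);
    out->verb[v] = '\0';
    size_t start = (v < len) ? v + 1 : len;              /* skip the separator */
    size_t alen = len - start;
    if (alen > ARG_MAX_LEN) return -4;
    memcpy(out->arg, line + start, alen);
    out->arg[alen] = '\0';
    return 0;
}

/* Tip 5: a CGI parameter that will be handed to another program is filtered
 * first. This is an allow-list (what may appear) rather than a deny-list of
 * shell characters. The caller then passes the value as its own argv element
 * through execv(), never through system() or popen(), so no shell is involved.
 * Returns 1 if the value may be used, 0 otherwise. */
int cgi_param_is_safe(const char *value) {
    size_t n = strlen(value);
    if (n == 0 || n > PARAM_MAX_LEN) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)value[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return 0;
    }
    if (value[0] == '-') return 0;     /* the child would read it as an option */
    if (strstr(value, "..")) return 0; /* no directory traversal if used as a path */
    return 1;
}

/* Walk a few constructed inputs through both checks. */
int main(void) {
    struct pop_cmd c;
    const char *lines[] = { "USER alice\r\n", "user\r\n", "PASS \x01\r\n" };
    for (int i = 0; i < 3; i++) {
        int rc = safe_parse(lines[i], strlen(lines[i]), &c);
        printf("line %d: rc=%d verb=%s arg=%s\n", i, rc,
               rc == 0 ? c.verb : "-", rc == 0 ? c.arg : "-");
    }
    char big[300];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("over-long line: rc=%d\n", safe_parse(big, strlen(big), &c));
    printf("cgi 'alice': %d, 'alice;ls': %d, '-n': %d\n",
           cgi_param_is_safe("alice"), cgi_param_is_safe("alice;ls"),
           cgi_param_is_safe("-n"));
    return 0;
}
```

Build with any C99 compiler and run. The bounded parser refuses an over-long line instead of silently truncating it, so the buffer's size can never be exceeded no matter what arrives on the socket; the CGI check is written as an allow-list, which holds up when a new shell metacharacter is discovered, while a list of forbidden characters does not.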
CERT issued an advisory on the Qpopper exploit shortly after the July attack on ProHosting. The problem was also discussed on the Bugtraq mailing list, which covers Unix security topics. Experts suggest—in addition to keeping up to date on the latest software security bugs through CERT or Bugtraq alerts—taking other basic precautions to guard against attacks [see box above].

CERT's Hernan advises companies shopping around for a hosting service to ask serious questions about the host's security measures and whether they stay up to date on the latest security issues.

"If you're putting your business in the hands of another company, you need to know what their procedures and processes are, and what risks you're willing to tolerate," Hernan said. "Our experience is that those that practice [...]
Computer Emergency Response Team: www.cert.org
ProHosting Virtual Web Hosting: [URL illegible in scan]