Security holes in PHP-based content management and forum apps are an increasingly active front in Internet security, as hackers target unpatched weaknesses. The latest example is Monday's hack of chip maker AMD's customer support forums, in which an older version of Invision Power Board was compromised and used to distribute malware using the Windows Metafile (WMF) exploit.
While Windows flaws like the WMF vulnerability are useful to hackers assembling armies of compromised desktop computers, security holes in PHP applications provide access to more powerful servers hooked directly to high-speed network connections.
Internet criminals have targeted unpatched vulnerabilities in open source CMS apps including phpBB, PostNuke, Mambo, Drupal and others, hoping to build botnets for use in phishing scams and distributed denial of service (DDoS) attacks. Compromised web forums hosted more than 600 phishing spoof sites identified by the Netcraft Toolbar Community in 2005 (as noted in our Year in Phishing roundup).
The DDoS capabilities of server-based zombies was demonstrated in a December attack by a large botnet of Linux machines, in which attackers flooded their target with more than 6 gigabytes of data per second. Hosting providers with multiple IP addresses being used in the botnet included Level 3, Savvis, AT&T WorldNet, 1&1 Internet, Interland and The Planet. The network used in the December attack was assembled by exploiting known security holes, including a vulnerability in the Limbo CMS that had been patched at least six weeks earlier.
ChoicePoint will pay $10 million in civil penalties and another $5 million to set up a fund to compensate consumers whose financial records were exposed in a massive data breach last year, the Federal Trade Commission (FTC) announced today. The fine is believed to be the largest ever for a security incident, and signals Washington's growing impatience with corporate security breaches.
"The message to ChoicePoint and others should be clear: Consumers’ private data must be protected from thieves," said Deborah Platt Majoras, Chairman of the FTC. "Data security is critical to consumers, and protecting it is a priority for the FTC, as it should be to every business in America."
ChoicePoint provides data to credit providers, government agencies and landlords. Earlier today it reported $1.1 billion in revenue for 2005. In late 2004 criminals using falsified credentials were able to sign up for sensitive ChoicePoint services and access account information for 163,000 consumers, the FTC said.
The company hosting the Million Dollar Homepage says an electronic attack was responsible for the extended outages earlier today. The distributed denial of service (DDoS) occurred as college student Alex Tew sold the final 1,000 pixels of his innovative ad service in an eBay auction for $38,100. The attack left the milliondollarhomepage.com site unreachable for large portions of the day, as seen in a performance chart for the site.
"The site received a major DDoS attack, and DDoS protection/prevention was not included in the customer's plan," Russell Weiss of InfoRelay Online Systems, Inc. wrote in an e-mail to Netcraft. "That said, we voluntarily took a number of steps to alleviate this attack while working within the appropriate budget." InfoRelay is the owner and operator of Sitelutions, which hosts the Million Dollar Homepage.
Tew has promised to keep the site online for at least five years. The DDoS attacks raise the prospect that operating milliondollarhomepage.com may prove more expensive than Tew originally envisioned. Tew will not be charged for any additional bandwidth consumed by the attack. But as Weiss noted, defense against DDoS attacks is typically a paid service not included with basic hosting accounts.
The Million Dollar Homepage was unavailable for an extended period early today, as huge publicity accompanied the completion of Alex Tew's novel online advertising service. Tew, a 21-year-old UK college student, sold the final 1,000 pixels for $38,100 in an eBay auction that closed Wednesday, netting Tew a total of $1,037,100 in total ad sales. The winner of the auction has not yet been announced. Tew launched the site in September to pay his college expenses, offering 1 million pixels of ad space at $1 a pixel.
The gimmick has paid off in huge web traffic. Milliondollarhomepage.com has received up to 500,000 unique visitors per day, and uses up to 200 megabits per second of Internet bandwidth, according to its host, Sitelutions. The Million Dollar Homepage is scheduled to remain online for five years, and appears to now be back online after several hours of downtime, which can be seen in this performance chart:
A dynamically updating performance chart is available for milliondollarhomepage.com. Netcraft offers a web site performance monitoring service that provides similar charts, along with e-mail alerts when an outage occurs.
The official web site for the MacWorld Expo was bogged down by heavy traffic today as Apple CEO Steve Jobs took the stage at the Moscone Center for his annual keynote address. In a repeat of last year's keynote, the crush of surfers eager for details on the latest Apple products slowed macworldexpo.com to a crawl. The site was knocked offline Monday night, apparently from traffic chasing the latest rumors about new product unveilings. On Jan. 3 the site (which ironically is powered by Windows Server 2003) was shifted to new hosting digs at Level 3, perhaps in anticipation of heavy traffic during the annual MacWorld show.
Mac enthusiast sites adapted their sites to manage the extra traffic, as the Mac News Network went to an all-text, ad-free page as it live-blogged Jobs' speech.
A dynamically updating performance chart is available for the www.macworldexpo.com site.
In the January 2006 survey we received responses from 75,251,256 sites, an increase of 897K sites from December 2005. With the gain, the Internet resumes its pattern of steady growth, which was interrupted last month by a decrease of 219K hostnames, the first decline in the survey in nearly three years. The loss was the result of the expiration of 1 million .name domains at Zipa.
This month's analysis shows how changes at a single large provider can influence survey trends. The market share for the Apache web server is down by nearly three percent this month, due primarily to configuration changes at domain registrar Go Daddy. Its bulk hosting service includes a front-end system that generates an HTTP redirect when a site is first accessed — and this redirect is not served by (or, at least, does not identify itself as) Apache. Once the redirect is followed, or if the site is accessed a second time, it is then served by Apache. So this change (which, given the large number of sites hosted by Go Daddy, has not gone unnoticed) has caused a large swing from Apache to Unknown.
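The mechanism described above, as an added example that is not Netcraft's survey code and not anything published by Go Daddy: a toy survey in Python that classifies constructed HTTP responses by their Server header, once from the first response alone and once after following the redirect, so the Apache-to-Unknown swing can be reproduced on the bench. The hostnames, responses and header values are constructed for illustration.

```python
"""Toy web-server survey showing how a redirecting front end skews Server
header counts. Added example; the responses below are constructed, not
captured from any real host."""

from collections import Counter

# Constructed raw responses keyed by URL. The first request to the bulk-hosted
# site is answered by a front end that redirects without a Server header; the
# redirect target (and any later request) is answered by Apache.
RESPONSES = {
    "http://example-a.test/": (
        "HTTP/1.1 302 Found\r\n"
        "Location: http://example-a.test/index.html\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ),
    "http://example-a.test/index.html": (
        "HTTP/1.1 200 OK\r\n"
        "Server: Apache\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html></html>"
    ),
    "http://example-b.test/": (
        "HTTP/1.1 200 OK\r\n"
        "Server: Microsoft-IIS/6.0\r\n"
        "\r\n"
    ),
}


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_code, headers dict).
    Header names are lower-cased; the body is ignored."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def fetch(url, follow_redirects, max_hops=5):
    """Return the (status, headers) the survey would classify: either the very
    first response, or the final one after following 3xx Location headers."""
    for _ in range(max_hops):
        status, headers = parse_response(RESPONSES[url])
        if not follow_redirects or status not in (301, 302, 303, 307, 308):
            return status, headers
        if "location" not in headers:
            return status, headers
        url = headers["location"]
    raise RuntimeError("too many redirects")


def classify(headers):
    """Developer name for the survey: the Server header's product token, or
    'Unknown' when the header is absent (the front end's redirect case)."""
    server = headers.get("server")
    if not server:
        return "Unknown"
    return server.split("/")[0]


def survey(urls, follow_redirects):
    """Count sites per developer using one of the two classification rules."""
    counts = Counter()
    for url in urls:
        _, headers = fetch(url, follow_redirects)
        counts[classify(headers)] += 1
    return dict(counts)


if __name__ == "__main__":
    sites = ["http://example-a.test/", "http://example-b.test/"]
    print("first response only:", survey(sites, follow_redirects=False))
    print("after redirects:    ", survey(sites, follow_redirects=True))
```

Run as a script, the first line attributes example-a to Unknown and the second to Apache; the only difference is whether the survey follows the front end's 302 before reading the Server header, which is exactly the swing the paragraph describes.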
Total Sites Across All Domains August 1995 - January 2006
| Developer | December 2005 | Percent | January 2006 | Percent | Change |
|---|---|---|---|---|---|