ZDNet and others are flagging a new Linux worm.
The worm blindly attacks web servers by sending malicious HTTP requests on port 80. If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed.
There are some well understood methods to minimise this risk.
Practice good security. A good, robust perimeter firewall – I use IPCop – along with a good patch regime is vital. I (naturally) use ZENworks Linux Management to keep my Linux servers up to date.
One other addition is application hardening – I blogged a while ago about Novell AppArmor – I run this on my outward-facing and internal Linux servers. If anything untoward happens – AppArmor is my final line of defence keeping my servers in good health.
[Edit – also to note – keep your applications themselves up to date; if they are RPM-based – ZENworks Linux Management can deliver the updates. My blogging software is WordPress – they posted a note saying the updated versions are not affected.]
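The worm only succeeds where PHP permits external shell commands and remote file download, so those two settings are worth checking alongside patching. The following is an added example, not part of the original post: a small php.ini audit. Mapping the two preconditions to the `allow_url_fopen`, `allow_url_include` and `disable_functions` directives is an assumption, and both sample configurations are constructed.

```python
# PHP built-ins that run external shell commands.
SHELL_FUNCS = {"exec", "system", "passthru", "shell_exec", "popen", "proc_open"}
# PHP's built-in defaults when a directive is absent from php.ini.
REMOTE_DEFAULTS = {"allow_url_fopen": "1", "allow_url_include": "0"}
ON_VALUES = {"1", "on", "yes", "true"}

def parse_ini(text):
    """Return {directive: value} from php.ini text; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop ';' comments
        if "=" not in line:                       # skips blanks and [sections]
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """List findings for the two preconditions the worm depends on."""
    s = parse_ini(text)
    findings = []
    for directive, default in REMOTE_DEFAULTS.items():
        if s.get(directive, default).lower() in ON_VALUES:
            findings.append(f"{directive} is enabled (remote file download possible)")
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    missing = sorted(SHELL_FUNCS - disabled)
    if missing:
        findings.append("shell functions not disabled: " + ", ".join(missing))
    return findings

# Constructed sample configurations, not taken from any real server.
WEAK = """
[PHP]
allow_url_fopen = On
;disable_functions = exec,system
disable_functions =
"""
HARDENED = """
[PHP]
allow_url_fopen = Off
allow_url_include = Off
disable_functions = exec,system,passthru,shell_exec,popen,proc_open
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Disabling shell functions can break applications that rely on them, so test a hardened php.ini against your own applications before deploying it.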