Web administrator complacency adds to security threat


Web administrator complacency adds to security threat

Mike Simons
Complacency among Web administrators is leaving many e-commerce sites open to attack, according to Web analyst and security firm Netcraft.

Some 75% of Web servers running Apache-SSL, the secure version of the popular open source software, are vulnerable, as they have not been upgraded to fix a serious flaw uncovered in June, according to a Netcraft survey released yesterday (20 August).

Instead, Web administrators seem to have given priority to patching regular Apache installations, said Netcraft. The survey found that around half of the 22 million Web sites that rely on regular Apache software have been patched.

"This is inherently daft," said Netcraft director Mike Prettejohn. "Administrators seem to be patching their most visible, most highly used servers first, rather than those that could present the greatest risk."

Prettejohn said complacency rather than ignorance among Web administrators was to blame. The last six weeks has seen a series of major Internet security scares involving among others, Apache servers and Microsoft's Commerce Server and Internet Explorer.

Apache-SSL is a combination of the Apache Web server and OpenSSL security software meant to offer secure Web site connections.

Apache is the most used Web server software in the world, with 66% of active sites running Apache, according to Netcraft, which published a monthly survey of global Web server security.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy