Firms failing to protect web servers, says Sophos

Businesses are routinely installing anti-virus protection on their desktops and hardening their websites to protect against hackers.

However, few companies are paying as much attention to protecting their web servers against intrusion, opening up back doors for hackers to use web servers as platforms to attack the websites they are hosting.

According to Sophos, hackers have compromised over 8,000 websites in the UK in the past month, while worldwide more than 90% of websites are infected with malware.

Mark Harris, SophosLabs director, says Linux-based servers are more at risk because Linux administrators are less likely to install anti-virus software.

Many administrators believe anti-virus software is unnecessary because Linux-based servers are inherently more secure if correctly configured, he says. This is reinforced by the perception that malware is chiefly a Microsoft Windows problem.

But Geoff Connell, acting CIO of the London Borough of Newham, says that installing anti-malware on servers can create unexpected problems.

"While we do install AV and other anti-malware on all our servers as well as desktops, we have found that application software often does not run well with such software and often requires tweaks," he says.

Anti-malware can also impact the performance of the applications themselves, which means many applications go unprotected, adds Connell.

He says administrators tend to be more relaxed about security on servers within the organisation because they believe security on the perimeter or entry points is enough.

Another reason Linux-based servers are more vulnerable is that system administrators in many organisations tend to have more skills in Windows than Linux.

Adrian Pastor, senior penetration tester at security firm Procheckup, says this means they are less confident of making any modifications to Linux-based systems and therefore less likely to do so.

Sophos has tracked over 12,000 IP addresses infected with the six-year-old Linux/Rst-B virus in the past four months, indicating the size of the problem.

The virus is typically found in infected hacking tools, which means cyber criminals are still finding it possible to access thousands of servers to download malware.

Harris says this is particularly worrying because Linux-based servers are the most popular for hosting websites.

According to Bath-based internet services company Netcraft, 50.4% of websites are on Linux-based servers, while only 34.4% are on Windows-based servers.

More than half the world's websites are running on Linux-based servers that could have wide open back doors for cyber criminals.

Security experts advise any organisation that has a website to run some form of malware scanning on its web servers. While the software would not block all the threats, it can at least alert administrators that the server is being targeted.
