It's a cpanel vulnerability, Apache is merely modified by the payload to help it spread. Seriously, giving a web server process root -- what the hell are those guys thinking?
That is why this thing is overhyped. Yes it's a problem but only on grossly msiconfigured servers. They might as well left the Root password as "password"
doesn't look so scary (Score:5, Insightful)
Only cpanel apaches vulnerable and modified httpd easily found by grep'ing a string?
*yawn*
Re: (Score:5, Insightful)
It's a cpanel vulnerability, Apache is merely modified by the payload to help it spread. Seriously, giving a web server process root -- what the hell are those guys thinking?
Re: (Score:4, Insightful)
Bingo.
That is why this thing is overhyped. Yes it's a problem but only on grossly msiconfigured servers. They might as well left the Root password as "password"
Re:doesn't look so scary (Score:1)
That's inefficient password usage.
My root password is "12345". That way both my web server and luggage are secured.