Hundreds of thousands of websites could be endangered by publicly available attack code exploiting a critical vulnerability in the Plesk control panel. This particular vulnerability gives hackers control of the server it runs on, according to security researchers.
Security researchers have uncovered an ongoing and widespread attack that causes sites running three of the Internet's most popular Web servers to push potent malware exploits on visitors.
Ongoing exploits infecting tens of thousands of reputable sites running the Apache Web server have only grown more powerful and stealthy since Ars first reported on them four weeks ago. Researchers have now documented highly sophisticated features that make these exploits invisible without the use of special forensic detection methods.
Tens of thousands of websites, some operated by The Los Angeles Times, Seagate, and other reputable companies, have recently come under the spell of "Darkleech," a mysterious exploitation toolkit that exposes visitors to potent malware attacks.
A group of hackers that are infecting web servers with rogue Apache modules are also creating backdoors to Secure Shell (SSH) services in order to steal log-in credentials from administrators and users.
The hackers are replacing all of the SSH binary files on the compromised servers with backdoor-equipped versions that are designed to send the hostname, username and password for incoming and outgoing SSH connections to attacker-controlled servers, security researchers from web security firm Sucuri said in a blog post.