The Linux botweb story that wasn't ...

Late last Friday a story appeared on my radar that seemed interesting - it was about a botweb (a botnet made up of web servers) utilizing Linux web servers. Was Linux cracked? Would Linux fans have to wind in all their security bragging? Was the Linux fortress wall breached? Was the sky falling in?

Late last Friday a story appeared on my radar that seemed interesting - it was about a botweb (a botnet made up of web servers) utilizing Linux web servers. Was Linux cracked? Would Linux fans have to wind in all their security bragging? Was the Linux fortress wall breached? Was the sky falling in?

Short answer, no.

Slightly longer answer, no, no, no and no.

If there was a way that hackers could crack Linux web servers and use them to create an huge botweb, then that would be a very big deal indeed. Botwebs, since they use web servers rather than zombie home or office PCs, make a far more effective botnet since they have a better connection to the internet. The idea of millions of compromised Linux web servers causing all sorts of mayhem isn't a pretty picture.

Which is why the story was interesting.

But alas, this story doesn't have anything to do with Linux hacks, but instead comes down to basic security, or the lack of it. It seems that the hack comes down to bad passwords. Hackers regularly sweep the web looking for vulnerable systems, which is why good passwords are vital. If your passwords are weak then the system can, and eventually will, be compromised. It doesn't matter if it's Windows-based or Linux-based.

Normal "Linux is more secure than Windows" bragging can resume ...