A honeypot server becomes a hacker DoS culprit. The security company is very hurt.

Generally, hackers like to scan vulnerabilities everywhere and insert malicious code into the "bot grabbing" method to organize botnets and launch DoS attacks.

However, security company Imperva found that a "honeypot system" consisting of up to 300 Web servers was recently hacked, and the servers were reconfigured and attacked by Google search.

The bandwidth of Web servers is usually quite large. If a certain scale is formed, a considerable amount of attack traffic can be formed, and one server can generate the equivalent of 50 PCs, the main method for hackers is to find out the vulnerable parts of PHP and Web pages and attack the systems running Apache and IIS servers to gain control.

According to foreign media reports, Imperva Security recently discovered a botnet that launched a new DoS attack (rejecting server attacks. The botnet uses the Web server to initiate DoS attacks, instead of using the PC as usual.

Imperva security company said on Wednesday that it found a Web server named "Honeypot" was used to initiate an attack. They found a botnet that covers about 300 Web servers, this Botnet is based on Google search attack code. Amachai Shulman, Imperva head of technology, said that Web servers were widely used for such attacks 10 years ago, but now they are more common in the use of Windows operating system PCs.

Schulman pointed out that in the DoS attack that Imperva noticed, the two Web servers are attempting to attack a Dutch hosting service provider, and the company has discovered this situation. Obviously, these network servers exploit a vulnerability in the PHP language, and the code harms servers running Apache, Microsoft Internet Information Service (IIS), and other server software. The attacker simply uses a single user interface, which not only allows the attacker to specify the IP address and port of the attacker, but also determines the attack duration. According to a report provided by Shuman, an Indian speaker appears on the attacker's computer screen, with the message "Do not launch such attacks against your friends ".

Schulman said the "Exeman" attacker used the Tor network that provided anonymous services to hide his or her whereabouts. In addition, the advantage of Web servers used by hackers is that compared with PCs, they provide a larger frequency band for attacks and only need a few "zombie computers. Because Web servers generally do not run anti-virus software, this greatly reduces the probability of attacks being discovered.

"In this way, a server can replace 50 PCs. To some extent, using a server can more easily maintain the continuity of such attacks, because the fewer computers used in the attack process, the lower the probability of attack code being detected ."

When asked about the motives of these attacks, Schulman replied that many DoS attacks are aimed at extortion of website owners.