Security Advisory for Apache Web Servers
December 22, 2010

There are reports of a compromise that leverages one of approximately twenty exploits to add a unique module to Apache web servers. Under the right circumstances, this module returns spam links. Apparently a number of university sites have been affected.

See related media article at the following URL:
http://techcrunch.com/2010/12/21/hackers-embed-spam-into-google-search-listings-for-unsuspecting-sites/

Symptoms:

  • Following a link in a Google search result that appears to point to a legitimate university site does in fact take you to the university site.
  • At this point, a server script (in no specific location on the server) sends the user an HTTP 302 redirect to an online pharmacy page, or to a cascade of sites leading to an online pharmacy page.

It is recommended that site owners test this using a Google search and their own domain. If you see results similar to those described in the article, please review your web server for indications of exploitation.
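
As a complement to the manual search test, the following added example (not part of the original advisory) scans Apache access log lines for paths that return a 302 to visitors arriving from a Google result but a 200 to everyone else. It assumes the default "combined" log format and that the redirect is triggered by a Google Referer header; the sample log lines, paths and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Apache "combined" LogFormat (assumed):
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [22/Dec/2010:10:01:00 -0500] "GET /admissions/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Dec/2010:10:02:10 -0500] "GET /admissions/ HTTP/1.1" 302 312 "http://www.google.com/search?q=example+admissions" "Mozilla/5.0"
192.0.2.44 - - [22/Dec/2010:10:03:30 -0500] "GET /old-page HTTP/1.1" 302 290 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Dec/2010:10:04:00 -0500] "GET /old-page HTTP/1.1" 302 290 "http://www.google.co.uk/search?q=old+page" "Mozilla/5.0"
203.0.113.9 - - [22/Dec/2010:10:05:00 -0500] "GET /library/ HTTP/1.1" 200 8100 "http://www.google.com/search?q=library" "Mozilla/5.0"
"""

def from_google(referer):
    """True when the Referer host is google.<tld> or a subdomain of it."""
    host = (urlparse(referer).hostname or "").lower()
    return re.search(r'(^|\.)google\.[a-z]{2,3}(\.[a-z]{2})?$', host) is not None

def find_conditional_redirects(lines):
    """Paths that 302 for Google-referred visitors but only serve 200 to others.

    A page that redirects everyone (an ordinary moved page) is not reported;
    only a redirect that depends on the Referer is.
    """
    seen = defaultdict(lambda: {"google": set(), "other": set()})
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not in combined format, skip
        bucket = "google" if from_google(m["referer"]) else "other"
        seen[m["path"]][bucket].add(int(m["status"]))
    return sorted(
        path for path, s in seen.items()
        if 302 in s["google"] and 200 in s["other"] and 302 not in s["other"]
    )

if __name__ == "__main__":
    for path in find_conditional_redirects(SAMPLE_LOG.splitlines()):
        print("review:", path)
```

A reported path is only a lead for the server review recommended above; the combined format does not record the redirect target, so confirm the destination by checking the response itself.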