Future Hosting Responds to Threat Advisory for the XOR Botnet


Future Hosting has urged Linux server administrators to ensure that their servers’ SSH service is properly configured in the wake of a recent threat advisory for the XOR botnet.


Future Hosting, a specialized VPS hosting and dedicated server hosting provider, has urged Linux server administrators to ensure that their servers’ SSH service is properly configured. The warning comes in the wake of a threat advisory, posted in late September 2015, for the XOR botnet, which uses insecure SSH servers as an infection vector and is capable of inflicting devastating denial of service attacks on web services across the world.

The XOR botnet has been responsible for up to twenty distributed denial of service attacks each day, with a peak bandwidth of 150 GB a second — sufficient bandwidth to seriously impact all but the most resilient network interfaces.

The XOR botnet comprises thousands of nodes, each of which is a compromised Linux server. The XOR malware compromises Linux servers using a low-tech brute force attack against SSH services. SSH itself does not constitute a vulnerability, but by using easily guessed username-password combinations, some Linux server administrators are leaving their servers open to a successful brute force attack.

“We provide hosting for thousands of Linux servers, including both virtual machines and dedicated servers,” said Maulesh Patel, VP of Operations of Future Hosting. “As a responsible member of the online community, we’re concerned that some server administrators are not following simple security best practices. Although the XOR botnet is a serious problem, it’s one that individual administrators can easily avoid if they use long, random, hard-to-guess passwords or move away from passwords altogether and implement key-based SSH logins.”

Many of the XOR botnet’s nodes are routers and other appliances running embedded versions of Linux. Devices of this sort are vulnerable because their manufacturer implemented a simple default username-password combination. Dedicated and virtual private server administrators, however, are responsible for the security of the machines they oversee: if they use easily guessed SSH passwords and fail to implement rate limiting for logins, their servers can be easily compromised. Hard-to-guess passwords and login rate limiting are both rudimentary brute force mitigation techniques.

###

About Future Hosting, LLC

Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit http://www.futurehosting.com.


Contact Author

Vik Patel