In 2004, the average time for an unprotected computer to get infected with malware was 20 minutes. In 2006, that dropped to 12. These days, it can be measured in seconds. But that metric is typically focused on Windows PCs exploited by virii and bot-nets. What about other platforms like Linux? Anecdotal evidence suggests that it is truly a scary world out there for everyone.

A friend was working on a client’s web pages on a shared-host provider. They were configuring the web server redirects using the hosting provider’s “CPanel” control panel to manipulate the Apache config files. It was all harmless GUI actions, but there must have been a CPanel bug. In the process of adding the redirect command to the .htaccess file, it removed a “deny” flag that enabled uploads via http.

There was no easy way to tell what had happened. It was only after the fact that we discovered the htaccess security hole. In mere minutes – according to the timestamps – the mistake had been discovered and exploited. In the span of less than 24hrs, a fake Australian online banking site had been uploaded, spam had already been distributed using the fake link, and (thankfully) the phishing attempt was reported to the bank’s abuse line.  Major kudos to the Westpac cyber-crime watchdogs!

This is not an isolated incident, as web-site infestations in 2009 were up 100% compared to the same period in 2008. Fox and Gizmodo will agree that this is a cautionary tale. Don’t assume it can’t happen to you, and that only the most amateur of webmasters could ever let such a thing happen…