Kingcope’s Apache Killer – Is Your Website Vulnerable?

Over the weekend Kingcope posted an exploit called the “Apache Killer” to a security list. The script can cause a denial of service (DoS) on a vulnerable Apache web server. According to Pingdom, in 2010 Apache powered 59.4% of the websites they tested. This blog runs on Apache, and yours probably does too (along with a tonne of other sites).

Hacklabs have kindly provided an article explaining the vulnerability and the script, along with a simple one-line check that can be run on any system with “curl” and “grep” (i.e. your OS X or Linux PC should have them) to determine if websites you own are vulnerable:

curl -H "Range:bytes=1-" -I http://target.com | grep Partial

According to the Hacklabs post, 91 of the 1000 top Australian sites according to Alexa are vulnerable, along with 29 of the ASX 200’s websites.
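A batch form of the one-line check, for running it across several sites you own. This is an added example, not code from the original post or from Hacklabs. It follows redirects (an assumption; the one-liner does not) and reads the final status code rather than grepping for "Partial". The function names and the file name range_check.sh are hypothetical.

```shell
#!/bin/sh
# Added example: batch version of the one-line Range check.
#
# classify_headers reads curl -I output on stdin and prints one of:
#   partial      final status was 206, the server honoured the Range header
#   not-partial  any other final status (200, 403, 416, ...)
#   no-response  no HTTP status line was seen (timeout, DNS failure, ...)
classify_headers() {
    awk '
        { sub(/\r$/, "") }           # HTTP header lines end in CRLF
        # With redirects followed, curl prints one header block per hop;
        # keep the status code of the last block only.
        /^HTTP\// { code = $2 }
        END {
            if (code == "")         print "no-response"
            else if (code == "206") print "partial"
            else                    print "not-partial"
        }'
}

# check_site sends the same HEAD request as the one-liner and prints
# "<result><TAB><url>".
#   -s  no progress meter      -I  HEAD request
#   -L  follow redirects (assumption, so a 301 to https:// or www. is
#       not reported as a negative result)
#   --max-time 10  give up on hosts that do not answer
check_site() {
    result=$(curl -s -I -L --max-time 10 -H "Range: bytes=1-" "$1" \
                 2>/dev/null | classify_headers)
    printf '%s\t%s\n' "$result" "$1"
}

# Usage: sh range_check.sh http://site-you-own.example http://other.example
for url in "$@"; do
    check_site "$url"
done
```

A "not-partial" result on a URL that the plain one-liner also misses is usually a redirect or an error page, so check the final URL by hand before treating it as a negative.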