Web Site Attacks Are On The Rise

Nicholas Roussos writes "According to recent numbers from 2004, website attacks are on the rise, and many of them are being performed by mischevious school kids. Some of their favorite targets include U.S. government and military websites."

Top 5 attackers

[Virtual+Karma]

Here is a list of top 5 attackers of Indian websites:

AIC - 166 defacements - 21.28%
GForce Pakistan - 116 defacements - 14.87%
Silver Lords - 101 defacements - 12.95%
WFD - 59 defacements - 7.56%
ISOTK - 17 defacements - 2.18%

Attack or Compromise?

[kevin_conaway]

Both articles from the summary indicate that the attacks on the the U.S. govt and military computers were just that, attacks. Anyone have any info on whether these were successful attacks or not? The Zone-H website is running a little slow to figure it out.

Re:No surprises there, then

[Tassach]

On looking at the weblogs, it looks like 80-90% of all traffic is attempted hacks

If your traffic pattern is like mine, 99% of these "hack" attempts are really IIS worms trying to propegate. It's sad to say that after nearly 4 years NIMDA, Code Red/Blue, and their spawn are still a daily annoyance. As long as you don't have an unpatched IIS instance open to the world, these attacks are no threat.

The worms were polluting my weblogs so badly that I had to set up conditional logging in Apache to send them to a seperate log:

SetEnvIf Request_URI "^/c/winnt" ATTACK
SetEnvIf Request_URI "^/c/winnt" NO_LOGACCESS
# etc
CustomLog logs/attack_log common env=ATTACK
CustomLog logs/access_log common env=!NO_LOGACCESS

<Location />
Order Allow,Deny
Allow from all
Deny from env=ATTACK
ErrorDocument 403 "Worm Attack - Access Denied"
</Location>