Breakdowns of Website Defacement by Platform

SkiifGeek writes "Zone-H have recently posted the statistical breakdown of the collected website defacements from the last few years. Surprisingly, in 2007 more Linux servers suffered a successful attack than all versions of Windows, combined. Similarly, more Apache installations were successfully attacked than all IIS versions combined. A day after posting this data, Zone-H have questioned the appropriateness of continuing to operate the archive. Despite the valuable information that can be gleaned from the service, it may soon be lost to the world. The natural successor to the now-defunct Alldas archive of defaced websites, Zone-H's archive maintains records of over 2.6 million defaced sites but may be shut down due to the continuous accusations of impropriety leveled against them any time they disclose and mirror a reported defacement."

"Surprisingly"?

[Quietus]

Given the proportion of Apache servers to IIS servers on the Internet, I don't think the ~280% difference is that strange. After all, most websites are vandalised through oversights in custom scripting etc., rather than security holes in Apache.

Re:"Surprisingly"?

[cbart387]

Hmm.. I though here in Slashdot many people deny that there are more succesful attacks in Windows just because it is the more popular platform. Not everyone. I'm not a fan of windows, only because I find Linux more responsive and easier to use for my programming. I agree with you however that there is a double standard here. People who bash Windows (where it's not warranted) get modded insightful, However when they try to defend Windows it's flamebait or troll. I'd go on a rant but I just wanted to say not everyone screams Windows security sucks yadda yadda yadda

Summary skewed.

[Lumpy]

Of course Apache and linux have more attacks than windows.

There are far more honda civics successfully stolen in the USA than BMW Isetta's Or Smart TwoFours This is because there are well over 5000 civics on the road for every BMW Isetta or Smart TwoFour on the road.

By the summary's mention and what it is alluding to, BeOS servers are the most secure because NONE of them have been compromised on the internet.

Netcraft confirms it

[greg1104]

For once that's on topic. I stated to rant like everybody else on how this was skewed by not taking into account the market share of Apache vs. IIS, but that's not the real story here.

Take a look at the "Webserver defaced" table. It's badly formatted in a couple of respects. Here's a copy of the interesting data with defacement numbers sorted by server platform:

nginx 729
IIS (total) 447
Apache 319
Rapidsite 244
SonataServer 178

nginx doesn't run on Windows; I'd expect most sites deploying it would be on Linux or BSD. Rapidsite runs on a customized Apache, and again while I haven't found a definitive statement here I'd expect virtual hosting using Apache is going to be Linux or BSD as well. I'd welcome corrections here if I'm wrong about that.

Combine this with the Netcraft data and the initial conclusion I would reach is that Linux+Apache is still the most secure platform. The only reason the Linux numbers are so inflated is that they include some really crappy web servers with significant vulnerabilities running something other than stock Apache.

I wish I had the raw data so I could ask some more interesting questions, like how things change you take the stupid user/admin data out. I don't care that it's possible to setup a platform up wrong and get simple vulnerabilities, I only care about how vulnerable a good installation is.