In association with heise online

18 March 2008, 10:52

Linux web servers broken into most often

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security portal Zone-H, which documents attacks on and defacements of web pages, has compiled statistics about the attacks within the last year. Apparently, Linux servers were successfully defaced twice as often as Windows servers. Apache servers were defaced three times as often as Microsoft's IIS. Zone-H registered a total of just under 500,000 defacements in 2007.

Defacements by operating system

Operating system Attacks in 2007
Linux 306,076
Windows 139,503
FreeBSD 18,542
Mac OS X 1,488

Defacements by server software

Server Attacks in 2007
Apache 319,439
IIS 139,059

The methods of attack are more varied. Attackers were most successful by using cracked, sniffed or stolen user and admin passwords. Almost 20 percent of successful defacements in 2007 exploited flaws which allowed the injection of files or SQL commands.

Defacements by attack method

Attack method Attacks in 2007
Stolen password 141,660
Incorrectly configured shares 67,437
File inclusion 61,011
SQL injection 35,407
Access data by Man-in-the-Middle 28,046
Other flaws in web applications 18,048
FTP server hack 17,023

Zone-H speculates that Linux was attacked most often because so many servers have now been migrated to Linux. Statistically, weak or exposed passwords, security holes in web applications and incorrect configuration are the most common causes for attacks succeeding. While it is trivial to choose a better password, guidance is nevertheless available for the more complex task of secure PHP configuration on web servers.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit