Linux web servers broken into most often
Security portal Zone-H, which documents attacks on and defacements of web pages, has compiled statistics about the attacks within the last year. Apparently, Linux servers were successfully defaced twice as often as Windows servers. Apache servers were defaced three times as often as Microsoft's IIS. Zone-H registered a total of just under 500,000 defacements in 2007.
Defacements by operating system
Operating system | Attacks in 2007 |
Linux | 306,076 |
Windows | 139,503 |
FreeBSD | 18,542 |
Mac OS X | 1,488 |
Defacements by server software
Server | Attacks in 2007 |
Apache | 319,439 |
IIS | 139,059 |
The methods of attack are more varied. Attackers were most successful by using cracked, sniffed or stolen user and admin passwords. Almost 20 percent of successful defacements in 2007 exploited flaws which allowed the injection of files or SQL commands.
Defacements by attack method
Attack method | Attacks in 2007 |
Stolen password | 141,660 |
Incorrectly configured shares | 67,437 |
File inclusion | 61,011 |
SQL injection | 35,407 |
Access data by Man-in-the-Middle | 28,046 |
Other flaws in web applications | 18,048 |
FTP server hack | 17,023 |
Zone-H speculates that Linux was attacked most often because so many servers have now been migrated to Linux. Statistically, weak or exposed passwords, security holes in web applications and incorrect configuration are the most common causes for attacks succeeding. While it is trivial to choose a better password, guidance is nevertheless available for the more complex task of secure PHP configuration on web servers.
See also:
- Statistics report 2005-2007, Zone-H statistics
(mba)