statistical breakdown of the collected website defacements from the last few years

From: Victor S.
Sent on: Sunday, March 16, 2008 12:41 PM
"Zone-H have recently posted the statistical breakdown of the collected website defacements from the last few years. "Surprisingly", in 2007 more Linux servers suffered a successful attack than all versions of Windows, combined. Similarly, more Apache installations were successfully attacked than all IIS versions combined. A day after posting this data, Zone-H have questioned the appropriateness of continuing to operate the archive. Despite the valuable information that can be gleaned from the service, it may soon be lost to the world. The natural successor to the now-defunct Alldas archive of defaced websites, Zone-H's archive maintains records of over 2.6 million defaced sites but may be shut down due to the continuous accusations of impropriety leveled against them any time they disclose and mirror a reported defacement."
 
Here is a copy of it, since site is getting heavy traffic.
 
-------------------------------
 
Every year, Zone-H publishes stats of registered attacks.
In the early months of Zone-H, we received an average of 2.500 notifications per month, last year this average jumped to[masked] monthly attacks. In order to have better idea of the attacks number, during January 2007,[masked] attacks were validated, and in the month of June - when a DDoS cyberwar in Russia paralyzed thousands of web sites, Zone-H included - we validated[masked] defacements. The record occurred in the month of August 2006, with[masked] registered attacks.

In the past the most attacked operating system was Windows, but many servers were migrated from Windows to Linux...
Therefore the attacks migrated as well, as Linux is now the most attacked operating system with[masked] defacements against[masked] in Windows systems (numbers calculated from 2000).


 
 

Attacks by month   Year 2005
 Year 2006   Year 2007 
 Jan  45.929  43.585   62.092 
 Feb  47.059  37.061  52.697
 Mar  41.175  38.630  54.842
 Apr  48.995  43.007  40.919
 May  41.735  86.135  41.410
 Jun  43.870  51.888  17.797
 Jul  41.469  95.461  56.763
 Aug  41.917  [masked]  38.362
 Sep  31.853  69.643  29.236
 Oct  40.724  52.421  31.681
 Nov  35.000  50.940  31.925
 Dec  34.114  52.945  23.181
 Total  [masked]
 [masked]
 [masked]



Special Attacks by month   Year 2005
 Year 2006
 Year 2007
 Jan  832  923
 863
 Feb  924
 517
 613
 Mar  755
 787
 656
 Apr  958
 682
 592
 May  903
 597
 349
 Jun  822
 821
 176
 Jul  1.607  1.746  715
 Aug  1.749
 1.187
 840
 Sep  799
 911
 717
 Oct  741
 849
 1.029
 Nov  591
 1.004
 763
 Dec  565
 890
 468
 Total  11.246  10.914  7.781
 
 Single attacks by month   Year 2005
 Year 2006   Year 2007 
 Jan  9.584  10.846   14.446 
 Feb  6.233  10.865  11.135
 Mar  8.128  14.625  13.324
 Apr  12.398  13.591  10.394
 May  8.950  14.397  9.870
 Jun  13.203  27.832  3.827
 Jul  11.384  24.167  14.537
 Aug  10.328  20.198  10.300
 Sep  8.667  16.589  8.954
 Oct  14.263  12.407  10.038
 Nov  10.627  11.679  8.384
 Dec  9.140  12.911  7.344
Total  [masked]
 [masked]  [masked]


 Mass attacks by month   Year 2005
 Year 2006   Year 2007 
 Jan  36.345  32.739  47.646
 Feb  40.826  26.196  41.562
 Mar  33.047  24.005  41.518
 Apr  36.597  29.416  30.525
 May  32.785  71.738  31.540
 Jun  30.667  24.056  13.970
 Jul  30.085  71.294  42.226
 Aug  31.589  [masked]  28.062
 Sep  23.186  53.054  20.282
 Oct  26.461  40.014  21.643
 Nov  24.373  39.261  23.541
 Dec  24.974  40.034  15.837
 Total  [masked]
 [masked]
 [masked]



 Operational System   Year 2005   Year 2006   Year 2007 
 Linux  [masked]  [masked]  [masked]
 Windows 2003  72.377  [masked]  [masked]
 Windows 2000  [masked]  69.754  23.838
 FreeBSD  23.653  31.075  18.542
 Unknown
 2.834  3.802  9.314
 SolarisSunOS  6.193  9.797  5.226
 Windows NT/9x  5.921  4.023  1.204
 MacOSX  2.139  2.247  1.488
 Windows XP  498  393  323
 HP-UX  667  166  259
 AIX  367  101  124
 SCO UNIX  19  5  92
 Unix  7  134  79
 Tru64  54  25  40
 OpenBSD  21  13  39
 NetBSDOpenBSD  366  229  36
 IRIX  771  211  34
 BSDOS  498  49  26
 NovellNetware  30  24  9
 OpenServer  0  0  7
 OS390
 1  3  3
 MacOS  27  6  3
 OS2  9  9  2
 Compaq Tru64  23  13  1
 NetBSD  31  14  1
 Digital UNIX  2  3  1
 Windows .NET  10  1  1
 VM  1  0  0


 Webserver defaced  Year 2005
 Year 2006   Year 2007 
 Apache  [masked]  [masked]  [masked]
 IIS/6.0  72.338  [masked]  [masked]
 IIS/5.0  99.616  66.304  23.664
 Unknown  4.974  8.805  16.741
 Zeus   1.059  506  1.972
 NOYB  0  1308  1.920
 IIS/4.0  5.846  3.952  1.149
 nginx   136  870  729
 IIS/5.1  540  412  308
 Rapidsite   158  110  244
 SonataServer
 4  557  178
 A-NETEK RobustWeb   4  4  92
 Zope   106  67  80
 LiteSpeed   3  150  65
 IdeaWebServer   50  191  60
 E-Neverland DataPalm   15  16  41
 lighttpd   25  33  37
 DinaHTTPd Server   52  89  36
 Boa   6  59  26
 SilverStream Server   36  40  20
 SAMBAR   0  18  17
 thttpd   8  29  15
 SunONE WebServer   165  670  12
 ConcentricHost-Ashurbanipal   18  12  11
 Lasso   18  26  11
 Cougar   1  21  10
 NetWare-Enterprise-Web-Server
 5  3  8
 Sun Java System Web Server 6.1   0  6  8
 GWS   2  4  8
 DataPalm   0  7  7
 Abyss   0  0  5
 OBEC-Web-Serv   0  13  5
 InfomexWebServer  2  14  4
 tigershark  54  9  4
 4D_WebSTAR_S  34  169  4
 IBM HTTP SERVER  7  17  4
 Jetty  0  0  4
 Netscape-Enterprise  37  21  4
 OmniHTTPd  7  3  4
 AOL server  28  15  3
 IIS/3.0  3  4  3
 exteNd Application Server   3  2  2
 RaidenHTTPD   5  5  2
 Resin   9  25  2
 Replica   1  0  2
 RRRPHP/9.4.2   1  0  2
 CoffeeMaker   0  0  1
 Hix Webserver   0  0  1
 KFWebserver   5  5  1
 NetCache   5  8  1
 Oracle AS   0  3  1
 WebLogic Server   27  27  1
 Xitami   7  16  1
 Zort Zirt Server  20  7  1
 Caudium  2
 3  0
 VHFFS  15  2  0
 Oracle  33  2
 0
 Roxen  87  2  0
 Lotus-Domino  6  5
 0
 Mistral  1  1  0
 Web Crossing  0
 1  0
 Netscape-FastTrack  0
 2
 0
 WebSphere Application Server  0  5
 0
 PWS  0  5
 0
 Netscape-Communications  0  1
 0


 
 Attack Method  Total 2005   Total 2006   Total 2007
 Attack against the administrator/user (password stealing/sniffing)
 48.006  [masked]  [masked]
 Shares misconfiguration   39.020  36.529  67.437  
 File Inclusion   [masked]  [masked]  61.011
 SQL Injection     
 36.253  47.212  35.407
 Access credentials through Man In the Middle attack   20.427  21.209  28.046
 Other Web Application bug   50.383  6.529  18.048
 FTP Server intrusion   58.945  55.611  17.023
 Web Server intrusion   38.975  30.059  13.405
 DNS attack through cache poisoning   7.541  9.131  9.747
 Other Server intrusion   1.4732  16.050  8.050
 DNS attack through social engineering   4.719  5.959  7.585
 URL Poisoning   2.897  7.988  6.931
 Web Server external module intrusion   8.487  17.290  6.690
 Remote administrative panel access through bruteforcing   2.738  4.988  6.607
 Rerouting after attacking the Firewall   988  4.308  6.127
 SSH Server intrusion   2.644  14.746  5.723
 RPC Server intrusion 
 1.821  5.793  5.516
 Rerouting after attacking the Router   1.520  4.867  5.257
 Remote service password guessing
 939  7.008  5.105
 Telnet Server intrusion   1.863  6.252  4.753
 Remote administrative panel access through password guessing   1.014  4416  4.753
 Remote administrative panel access through social engineering 
 780  5472  3.127
 Remote service password bruteforce   3.576  4018  3.125
 Mail Server intrusion   1.198  4195  1.315
Not available
 11.382  37243  9.724


 Attack Reason  Year 2005   Year 2006   Year 2007 
 I just want to be the best defacer   [masked]  [masked]  [masked]
 Heh...just for fun!  [masked]  [masked]  95.664
 As a challenge   59.991  72.287  60.314
 Political reasons  61.068  77.350  31.073
 Patriotism  53.168  30.207
 28.307
 Revenge against that website  17.847  11.489  10.120
 Not available  26.662  84.929  58.014



Linux X Windows

 Year  Total defacements Linux (all distros)   Total defacements Windows (all versions) 
 2000  931  2.586
 2001  4.081  13.552
 2002  22.693  43.426
 2003  [masked]  58.559
 2004  [masked]  [masked]
 2005  [masked]  [masked]
 2006  [masked]  [masked]
 2007  [masked]  [masked]
 Total  [masked]  [masked]

Our Sponsors

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy