March 17th, 2008

Zone-H web defacement data shows platforms don't matter

Posted by George Ou @ 7:47 am

Categories: Hackers, Microsoft, Open source, Vulnerability research

Tags: Web, Defacement, Web Site, News, Microsoft IIS Server, Zone-H, Web Site Development, Web Technology, Internet, George Ou

Web defacement archive Zone-H.org has produced a comprehensive three-year report on web server defacements for 2005 to 2007. What makes the Zone-H archive unique is that the data is gathered from the hackers/defacers themselves, and every defaced website is confirmed and permanently mirrored on Zone-H.

Contrary to popular perception, Linux/Apache websites get broken into far more often than Windows/IIS websites. Given that Windows/IIS and Linux/Apache market share has been comparable in recent years, the comparison is a valid one. The following is a chart I compiled from the Zone-H three-year report.

As it turns out, this has little to do with the fact that Microsoft IIS 6.0 has far fewer vulnerabilities than Apache 2.0. A deeper look at the “Attack Method” data in the Zone-H report shows that the OS and web server platform you run has little to do with how secure you are. What does seem to make all the difference in the world is how well you administrate the website and how carefully you write your web applications.

Looking at the trend over the last three years, it would seem that website administrators may have finally wised up to “File Inclusion” attacks. In 2005 and 2006, “File Inclusion” was the most likely way for a website to get defaced, but it declined to third place in 2007. The overall trend seems to be positive, as website defacement peaked in 2006 and started to drop in 2007. The bad news is that password stealing or sniffing spiked upward in 2006 and 2007 and became the most likely attack vector.

George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 21 Talkback(s)
I stand corrected, but under protest. happy
As I interpret the entry for administer in wiktionary:

When one administers first aid, it's a hands-on process - as in meaning 1.

When one administers a web site, one is managing the pe...
Posted by: Lizzie_B Posted on: 03/19/08
No surprise  croberts | 03/17/08
Certainly guts a lot of the rivalries  ejhonda | 03/17/08
Some people will always scream  georgeou | 03/17/08
I'll give you one fr0thy - be here any minute  socialism=nowhere | 03/18/08
HAHAHAHA  top100developers | 03/18/08
There's bound to be a spike  fr0thy@... | 03/17/08
I've got some problems finding data that supports this remark  tombalablomba | 03/17/08
Netcraft  toadlife | 03/17/08
Clarification  toadlife | 03/17/08
Programmer capability...  bportlock | 03/17/08
I learned how to code php...  toadlife | 03/17/08
The curse of "register_globals"...  bportlock | 03/17/08
Netcraft data  georgeou | 03/17/08
As with the other article  Been_Done_Before | 03/17/08
I think Windows has slightly more when you include parked sites  georgeou | 03/17/08
i wonder what the numbers would be if...  Been_Done_Before | 03/18/08
Very interesting...  socialism=nowhere | 03/18/08
"Administrate"?  Lizzie_B | 03/18/08
It would help if _I_ could type...  Lizzie_B | 03/18/08
Yes, "administrate" sucks, but:  Master Dave | 03/18/08
I stand corrected, but under protest. happy  Lizzie_B | 03/19/08
