Language Selection

English French German Italian Portuguese Spanish

Web server attacks 'growing fast'

Filed under
Security

The survey by Zone-H revealed that web server attacks and website defacements grew by 36% during 2004 when almost 400,000 incidents were recorded.

The attacks include 49 separate sorties against US military servers and huge numbers of website defacements carried out during organised hacking sprees.

The research revealed that Christmas holidays are a very popular time for malicious hackers to attack sites.

The figures were collated by Zone-H - a web-based organisation that uses a world-wide network of volunteers to spot and investigate web server attacks and site defacements.

Typically defacements involve making the public facing pages of a website display a message showing which malicious hacker or group is responsible.

Website defacements were the most popular form of attack and made up the majority of the 392,545 recorded incidents.

"Defacement is just one option for an attacker," said Roberto Preatoni, Zone-H co-ordinator. "In most circumstances the techniques used by defacers are the same techniques used by serious criminals to cause more serious damage."

Attacks involve penetrating a site, sometimes for criminal ends, to get at the information it holds.

The report found that more than half of all attacks and defacements, 55%, succeeded by exploiting a known bug or vulnerability or an administration mistake.

ode to exploit these loopholes often appears soon after software makers publicly warn about their existence. However, many hacking groups exchange information about bugs in software long before they are publicly acknowledged.

Administration mistakes involve using easily guessable or crackable passwords. Many net server administrators forget or do not know about unused systems on a computer that can accidentally give attackers a way in.

Full Story.

More in Tux Machines

Leftovers: Gaming

Leftovers: Software

today's howtos

ACPI, kernels and contracts with firmware

This ends up being a pain in the neck in the x86 world, but it could be much worse. Way back in 2008 I wrote something about why the Linux kernel reports itself to firmware as "Windows" but refuses to identify itself as Linux. The short version is that "Linux" doesn't actually identify the behaviour of the kernel in a meaningful way. "Linux" doesn't tell you whether the kernel can deal with buffers being passed when the spec says it should be a package. "Linux" doesn't tell you whether the OS knows how to deal with an HPET. "Linux" doesn't tell you whether the OS can reinitialise graphics hardware. Read more