[Zone-h] Defacements Statistics 2010 - Almost 1,5 million websites defaced, what's happening?

Last year Zone-H archived a sad record number: 1.419.203 website defacements.
Why and how is this happening?
If you look at the stats, things remain the same: file inclusion, SQL injection, WebDAV attacks and shares misconfiguration are still at the top of the attack methods used by defacers to gain first access to the server. As an important factor influencing the stats, we consider the fact that last year brought a very high number of local Linux kernel exploits.

Many years ago Linux became the most used OS for web servers and, of course, the preferred target for defacers. Last year we archived 1.126.987 attacks against websites running on Linux systems. The exploit most used by the defacers is CVE-2010-3301, which was fixed in 2007 and mysteriously reintroduced in 2008 in a large pile of x86_64 kernel versions.

But is the out-of-date Linux server the only reason for this huge number of defacements?
Yes and no. We were talking about local kernel exploits, but the first problem is in the website code. For example, we received too many single defacements due to a remote upload flaw in the OsCommerce CMS that allows defacers to upload anything to the CMS folder without a proper credential check. When this flaw became public, the developers had plenty of time to fix it, but the fix appeared only a few months later. Pity.
Year after year, developers are still coding unsafely, leaving tons of remote and local file inclusions and SQL injections that attackers use as the first step to gain access to the server OS.
Another problem with an out-of-date system is that an old kernel version also indicates other outdated (and sometimes misconfigured) packages that can be used for privilege escalation to service/user access.
But we should not speak only about Linux servers. Windows servers are also in the stats, (not) surprisingly still hacked through the same flaws as in 2000 and earlier. Every year we also record a high number of WebDAV and shares misconfiguration attacks. For WebDAV there are tons of updates, for shares too; administrators just need to put their hands on them and update and/or change the configuration.

From the results one outcome is clear: code developer teams and web server admins are still living in two distinct worlds. And if something is not working properly, their answer is that it is most likely the other side's fault. While this "fight" continues, the defacement count keeps growing.
If you have any comments, send them to comments@zone-h.org

Attacks by month

Year 2010
Jan 53.915
Feb 57.867
Mar 73.712
Apr 95.078
May 83.182
Jun 81.865
Jul 87.364
Aug 63.367
Sep 185.741
Oct 194.692
Nov 258.355
Dec 184.064



Special Attacks by month Year 2010
Jan 891
Feb 1.851
Mar 1.228
Apr 1.361
May 1.693
Jun 1.711
Jul 1.198
Aug 1.411
Sep 1.265
Oct 1.463
Nov 1.227
Dec 1.576
Total 16.875


Single attacks by month Year 2010
Jan 10.332
Feb 10.936
Mar 11.908
Apr 14.333
May 12.496
Jun 15.352
Jul 13.762
Aug 13.449
Sep 16.559
Oct 13.366
Nov 32.829
Dec 24.316
Total 189.638


Mass attacks by month Year 2010
Jan 43.583
Feb 46.931
Mar 61.804
Apr 80.745
May 70.686
Jun 66.513
Jul 73.602
Aug 49.918
Sep 169.182
Oct 181.326
Nov 225.526
Dec 159.748
Total 1.229.564


Operating System Year 2010
Linux 1.126.987
Windows 2003 197.822
FreeBSD 46.992
Win 2008 15.083
F5 Big-IP* 14.000
Unknown 7.840
Win 2000 6.097
Solaris 910 2.373
MacOSX 1.038
Citrix Netscaler* 232
Win NT9x 221
Win XP 196
NetBSDOpenBSD 99
HP-UX 73
IRIX 47
SCO UNIX 22
Unix 15
SolarisSunOS 13
BSDOS 12
Solaris 8 11
OpenBSD 8
Compaq Tru64 5
Compaq OS2 5
OS390 3
MacOS 3
AIX 3
NovellNetware 1
AS/400 1


Webserver defaced Year 2010
Apache 1.095.982
IIS/6.0 195.154
nginx 40.640
LiteSpeed 37.795
Zeus 14.111
Unknown 10.763
IIS/7.0 10.433
IIS/5.0 6.109
IIS/7.5 4.002
NOYB* 2.083
lighttpd 733
YTS* 306
IdeaWebServer 305
IIS/5.1 196
IIS/4.0 141
WebSitePro 59
Microsoft-HTTPAPI 52
Rapidsite 51
IBM HTTP SERVER 38
SunONE WebServer 37
ConcentricHost-Ashurbanipal* 21
Squid 21
Cherokee 20
Zope 15
DinaHTTPd Server 13
Resin 11
SilverStream Server 10
Sun-Java-System-Web-Server/7.0 10
exteNd Application Server 10
Netscape-Enterprise 9
DataPalm 6
Allegro-Software-RomPager 6
IceWarp 5
AOL server 5
Abyss* 3
Sun Java System Application Server 9.1_02 3
HP-ChaiServer 3
GHS* 2
Jetty* 2
GWS* 2
Sun Java System Web Server 6.1 2
Roxen* 1
Caudium* 1
Squeegit 1
Lasso 1
Net Port Software 1.1 1
NetWare-Enterprise-Web-Server 1
4D_WebSTAR_S 1
OmniHTTPd 1
SAMBAR 1
Oracle AS 1


Attack Method Year 2010
File Inclusion 634.620
Attack against the administrator/user (password stealing/sniffing) 220.521
Other Web Application bug 124.878
SQL Injection 98.250
Not available 91.402
Known vulnerability (i.e. unpatched system) 42.849
Undisclosed (new) vulnerability 25.552
Other Server intrusion 19.528
Web Server intrusion 18.976
FTP Server intrusion 15.619
SSH Server intrusion 15.214
Configuration / admin. mistake 13.901
URL Poisoning 13.191
Remote administrative panel access through bruteforcing 12.132
Brute force attack 10.145
Shares misconfiguration 9.530
RPC Server intrusion 7.911
Telnet Server intrusion 7.530
Web Server external module intrusion 7.368
Mail Server intrusion 6.260
social engineering 4.776
DNS attack through cache poisoning 3.689
DNS attack through social engineering 2.878
Rerouting after attacking the Firewall 2.550
Rerouting after attacking the Router 2.458
Remote service password bruteforce 1.987
Remote service password guessing 1.917
Access credentials through Man In the Middle attack 1.752
Remote administrative panel access through social engineering 992
Remote administrative panel access through password guessing 849


Attack Reason Year 2010
Heh…just for fun! 829.975
I just want to be the best defacer 289.630
Not available 94.017
Patriotism 58.970
Political reasons 57.083
Revenge against that website 45.093
As a challenge 44.457


Linux X Windows
Year | Total defacements Linux (all distros) | Total defacements Windows (all versions)
2000 931 2.587
2001 4.080 13.549
2002 22.693 43.441
2003 191.720 58.571
2004 247.113 119.402
2005 276.294 179.945
2006 446.039 258.129
2007 305.968 139.427
2008 352.449 141.061
2009 378.728 143.151
2010 1.126.987 219.419
Total 3.076.889 1.318.682
