From:zone-h
When Zone-H started back in 2002, we were receiv ing an aver age of 2500 deface ments monthly, this number keeps on increas ing year after year. For exam ple, the last month we reg is tered over 95.000 defacements, while we only had 60.000 in 2009 for the same period.
What we can also say from these num bers is that the meth ods used are still the same: most of the vul ner abil i ties exploited are on web appli ca tions. We also know from what we mon i tored that reg is trar attacks greatly increased the past years even if this num ber is quite low com pared to the total of attacks. But not only web appli ca tions are guilty, as poor local sys tem secu rity on var i ous web host ings usu ally allow crack ers to get full access to the servers.
Worms and viruses like mpack/zeus vari ants also allow some crack ers to gather ftp account cre den tials, but most of the peo ple using those tools do not deface web sites, but pre fer to back door those sites with iframe exploits in order to hack more and more users, and to steal data from them. Isko r pitx for exam ple (but many oth ers do it as well) uses this method to break into host ings, he usu ally steals cre den tials with viruses and some times even back doors the deface ments for vis itors of the defaced sites to be exploited.
Exam ples of some attacks on reg is trars (DNS hijack ing):
http://www.zone-h.org/archive/ip=200.35.148.72
http://www.zone-h.org/archive/ip=82.197.131.109
Here are the statistics:
| Attacks by month | Year 2008 | Year 2009 | Year 2010 |
| Jan | 18.562 | 37.968 | 53.921 |
| Feb | 51.925 | 2.919 | 57.869 |
| Mar | 48.138 | 7 | 73.715 |
| Apr | 41.492 | 60.471 | 95.090 |
| May | 29.017 | 48.087 | |
| Jun | 38.445 | 43.569 | |
| Jul | 39.549 | 45.480 | |
| Aug | 74.121 | 83.850 | |
| Sep | 42.379 | 74.384 | |
| Oct | 54.971 | 54.462 | |
| Nov | 44.486 | 43.177 | |
| Dec | 34.374 | 50.035 |
| Spe cial Attacks by month | Year 2008 | Year 2009 | Year 2010 |
| Jan | 413 | 669 | 881 |
| Feb | 553 | 104 | 1.847 |
| Mar | 745 | 2 | 1.227 |
| Apr | 584 | 1.976 | 1.357 |
| May | 782 | 1.746 | |
| Jun | 712 | 942 | |
| Jul | 895 | 1.179 | |
| Aug | 1.386 | 1.127 | |
| Sep | 587 | 893 | |
| Oct | 963 | 1.237 | |
| Nov | 1.207 | 1.103 | |
| Dec | 774 | 953 | |
| Total | 9.606 | 11.929 | 6.395 |
| Sin gle attacks by month | Year 2008 | Year 2009 | Year 2010 |
| Jan | 5.150 | 14.464 | 10.335 |
| Feb | 9.395 | 1.887 | 10.938 |
| Mar | 13.691 | 7 | 11.910 |
| Apr | 12.713 | 13.107 | 14.344 |
| May | 8.020 | 16.565 | |
| Jun | 9.830 | 14.221 | |
| Jul | 13.060 | 14.241 | |
| Aug | 32.668 | 12.495 | |
| Sep | 14.233 | 9.432 | |
| Oct | 17.263 | 8.777 | |
| Nov | 17.616 | 8.002 | |
| Dec | 13.692 | 8.670 | |
| Total | 167.329 | 121.866 | 58.045 |
| Mass attacks by month | Year 2008 | Year 2009 | Year 2010 |
| Jan | 13.412 | 23.504 | 43.586 |
| Feb | 42.530 | 1.032 | 46.931 |
| Mar | 34.447 | 0 | 61.805 |
| Apr | 28.779 | 47.364 | 80.746 |
| May | 20.997 | 31.522 | |
| Jun | 28.615 | 29.348 | |
| Jul | 26.489 | 31.239 | |
| Aug | 41.453 | 71.355 | |
| Sep | 28.146 | 64.952 | |
| Oct | 37.708 | 45.685 | |
| Nov | 26.870 | 35.175 | |
| Dec | 20.682 | 41.365 | |
| Total | 350.128 | 422.539 | 294.776 |
| Oper a tional System | Year 2008 | Year 2009 | Year 2010 |
| Linux | 352.468 | 378.744 | 256.648 |
| Win dows 2003 | 117.978 | 127.128 | 81.785 |
| Win dows 2000 | 21.929 | 12.529 | 2.805 |
| FreeBSD | 13.418 | 10.050 | 5.503 |
| Unknown | 4.642 | 3.933 | 1.815 |
| Solaris 9⁄10 | 3.002 | 7.699 | 364 |
| SolarisSunOS | 1.629 | 16 | 10 |
| MacOSX | 893 | 510 | 384 |
| Win NT9x | 440 | 225 | 132 |
| Win 2008 | 364 | 2.977 | 3.165 |
| Win XP | 329 | 270 | 72 |
| HP-UX | 216 | 85 | 32 |
| NetBSDOpenBSD | 69 | 99 | 39 |
| Solaris 8 | 35 | 41 | 5 |
| BSDOS | 10 | 14 | 2 |
| AS/400 | 6 | 1 | 1 |
| Com paq Tru64 | 6 | 16 | 2 |
| NovellNetware | 5 | 5 | 0 |
| Unix | 3 | 29 | 43 |
| IRIX | 3 | 12 | 5 |
| OpenVMS | 3 | 1 | 0 |
| AIX | 3 | 1 | 0 |
| MacOS | 3 | 0 | 2 |
| OpenBSD | 1 | 0 | 0 |
| Win Vista | 1 | 1 | 0 |
| OpenServer | 1 | 0 | 0 |
| Win .NET | 1 | 1 | 0 |
| OS2 | 1 | 0 | 5 |
| Dig i tal Unix | 0 | 3 | 0 |
| SCO Unix | 0 | 19 | 2 |
| Web server defaced | Year 2008 | Year 2009 | Year 2010 |
| Apache | 390.141 | 486.294 | 319.439 |
| IIS/6.0 | 126.403 | 180.926 | 113.935 |
| IIS/5.0 | 12.551 | 66.304 | 23.664 |
| Unknown | 4.974 | 8.805 | 16.741 |
| Zeus | 1.059 | 506 | 1.972 |
| NOYB | 0 | 1.308 | 1.920 |
| IIS/4.0 | 5.846 | 3.952 | 1.149 |
| nginx | 3.465 | 870 | 729 |
| IIS/5.1 | 540 | 412 | 308 |
| Rapidsite | 158 | 110 | 244 |
| SonataServer | 4 | 557 | 178 |
| A-NETEK RobustWeb | 4 | 4 | 92 |
| Zope | 106 | 67 | 80 |
| LiteSpeed | 3 | 150 | 65 |
| IdeaWebServer | 50 | 191 | 60 |
| E-Neverland DataPalm | 15 | 16 | 41 |
| lighttpd | 25 | 33 | 37 |
| DinaHTTPd Server | 52 | 89 | 36 |
| Boa | 6 | 59 | 26 |
| Sil ver Stream Server | 36 | 40 | 20 |
| SAMBAR | 0 | 18 | 17 |
| thttpd | 8 | 29 | 15 |
| SunONE Web Server | 165 | 670 | 12 |
| ConcentricHost-Ashurbanipal | 18 | 12 | 11 |
| Lasso | 18 | 26 | 11 |
| Cougar | 1 | 21 | 10 |
| NetWare-Enterprise-Web-Server | 5 | 3 | 8 |
| Sun Java Sys tem Web Server 6.1 | 0 | 6 | 8 |
| GWS | 2 | 4 | 8 |
| DataPalm | 0 | 7 | 7 |
| Abyss | 0 | 0 | 5 |
| OBEC-Web-Serv | 0 | 13 | 5 |
| InfomexWebServer | 2 | 14 | 4 |
| tigershark | 54 | 9 | 4 |
| 4D_WebSTAR_S | 34 | 169 | 4 |
| IBM HTTP SERVER | 7 | 17 | 4 |
| Jetty | 0 | 0 | 4 |
| Netscape-Enterprise | 37 | 21 | 4 |
| OmniHTTPd | 7 | 3 | 4 |
| AOL server | 28 | 15 | 3 |
| IIS/30 | 3 | 4 | 3 |
| exteNd Appli ca tion Server | 3 | 2 | 2 |
| RaidenHTTPD | 5 | 5 | 2 |
| Resin | 9 | 25 | 2 |
| Replica | 1 | 0 | 2 |
| RRRPHP/942 | 1 | 0 | 2 |
| CoffeeMaker | 0 | 0 | 1 |
| Hix Web server | 0 | 0 | 1 |
| KFWebserver | 5 | 5 | 1 |
| NetCache | 5 | 8 | 1 |
| Ora cle AS | 0 | 3 | 1 |
| WebLogic Server | 27 | 27 | 1 |
| Xitami | 7 | 16 | 1 |
| Zort Zirt Server | 20 | 7 | 1 |
| Caudium | 2 | 3 | 0 |
| VHFFS | 15 | 2 | 0 |
| Oracle | 33 | 2 | 0 |
| Roxen | 87 | 2 | 0 |
| Lotus-Domino | 6 | 5 | 0 |
| Mistral | 1 | 1 | 0 |
| Web Cross ing | 0 | 1 | 0 |
| Netscape-FastTrack | 0 | 2 | 0 |
| Web Sphere Appli ca tion Server | 0 | 5 | 0 |
| PWS | 0 | 5 | 0 |
| Netscape-Communications | 0 | 1 | 0 |
| Attack Method | Total 2008 | Total 2009 | Total 2010 |
| Attack against the administrator/user (pass word stealing/sniffing) | 33.141 | 24.386 | 10.918 |
| Shares mis con fig u ra tion | 72.192 | 87.313 | 55.725 |
| File Inclu sion | 90.801 | 95.405 | 115.574 |
| SQL Injec tion | 32.275 | 57.797 | 33.920 |
| Access cre den tials through Man In the Mid dle attack | 37.526 | 7.385 | 1.005 |
| Other Web Appli ca tion bug | 36.832 | 99.546 | 42.874 |
| FTP Server intrusion | 32.521 | 11.749 | 5.138 |
| Web Server intrusion | 8.334 | 9.820 | 7.400 |
| DNS attack through cache poisoning | 7.541 | 3.289 | 1.361 |
| Other Server intrusion | 5.655 | 10.799 | 5.123 |
| DNS attack through social engineering | 6.310 | 2.847 | 1.358 |
| URL Poi son ing | 5.970 | 6.294 | 3.516 |
| Web Server exter nal mod ule intrusion | 4.967 | 2.265 | 1.313 |
| Remote admin is tra tive panel access through bruteforcing | 9.991 | 6.862 | 7.046 |
| Rerout ing after attack ing the Firewall | 8.143 | 3.107 | 1.267 |
| SSH Server intrusion | 6.231 | 4.624 | 4.550 |
| RPC Server intrusion | 12.359 | 5.821 | 2.512 |
| Rerout ing after attack ing the Router | 9.170 | 2.671 | 1.327 |
| Remote ser vice pass word guessing | 6.641 | 3.252 | 1.103 |
| Tel net Server intrusion | 4.050 | 3.476 | 2.562 |
| Remote admin is tra tive panel access through pass word guessing | 4.915 | 1.139 | 422 |
| Remote admin is tra tive panel access through social engineering | 4.431 | 1.502 | 472 |
| Remote ser vice pass word bruteforce | 5.563 | 3.658 | 1.002 |
| Mail Server intrusion | 1.441 | 2.314 | 1.121 |
| Not avail able | 70.457 | 87.684 | 24.493 |
| Attack Rea son | Year 2008 | Year 2009 | Year 2010 |
| I just want to be the best defacer | 201.270 | 122.442 | 78.761 |
| Heh just for fun! | 96.438 | 176.725 | 179.707 |
| As a challenge | 61.112 | 26.921 | 13.422 |
| Polit i cal reasons | 50.578 | 72.767 | 19.360 |
| Patriotism | 46.619 | 40.374 | 17.877 |
| Revenge against that website | 4.802 | 23.513 | 15.147 |
| Not avail able | 56.640 | 81.667 | 28.545 |
Linux X Win dows
| Year | Total deface ments Linux (all dis tros) | Total deface ments Win dows (all ver sions) |
| 2000 | 931 | 2.587 |
| 2001 | 4.080 | 13.549 |
| 2002 | 22.693 | 43.441 |
| 2003 | 191.720 | 58.571 |
| 2004 | 247.113 | 119.402 |
| 2005 | 276.294 | 179.945 |
| 2006 | 446.039 | 258.129 |
| 2007 | 305.968 | 139.427 |
| 2008 | 352.449 | 141.061 |
| 2009 | 378.728 | 143.151 |
| 2010 | 256.648 | 87.959 |
| Total | 2.482,663 | 1.187,222 |
LEG END: In red — First quar ter data
Text in blue — Site down for main te nance
UPDATE: A new fea ture are avi able on the Stats page, now you can check out yearly, monthly and daily sta tis tics http://www.zone-h.org/stats
本文还暂无回复