|
Statistics report 2005-2007 |
|
|
|
|
Written by Marcelo Almeida (Vympel)
|
|
Tuesday, 04 March 2008 |
 Every year, Zone-H publishes stats of registered attacks.
In the early months of Zone-H, we received an average of 2.500 notifications per month, last year this average jumped to 37.915 monthly attacks. In order to have better idea of the attacks number, during January 2007, 62.092 attacks were validated, and in the month of June - when a DDoS cyberwar in Russia paralyzed thousands of web sites, Zone-H included - we validated 17.797 defacements. The record occurred in the month of August 2006, with 130.645 registered attacks.
In the past the most attacked operating system was Windows, but many servers were migrated from Windows to Linux...
Therefore the attacks migrated as well, as Linux is now the most
attacked operating system with 1.485.280 defacements against 815.119 in
Windows systems (numbers calculated from 2000).
| Attacks by month
|
Year 2005
|
Year 2006
|
Year 2007
|
| Jan |
45.929 |
43.585 |
62.092 |
| Feb |
47.059 |
37.061 |
52.697 |
| Mar |
41.175 |
38.630 |
54.842 |
| Apr |
48.995 |
43.007 |
40.919 |
| May |
41.735 |
86.135 |
41.410 |
| Jun |
43.870 |
51.888 |
17.797 |
| Jul |
41.469 |
95.461 |
56.763 |
| Aug |
41.917 |
130.645 |
38.362 |
| Sep |
31.853 |
69.643 |
29.236 |
| Oct |
40.724 |
52.421 |
31.681 |
| Nov |
35.000 |
50.940 |
31.925 |
| Dec |
34.114 |
52.945 |
23.181 |
| Total |
493.840
|
752.361
|
480.905
|
| Special Attacks by month
|
Year 2005
|
Year 2006
|
Year 2007
|
| Jan |
832 |
923
|
863
|
| Feb |
924
|
517
|
613
|
| Mar |
755
|
787
|
656
|
| Apr |
958
|
682
|
592
|
| May |
903
|
597
|
349
|
| Jun |
822
|
821
|
176
|
| Jul |
1.607
|
1.746
|
715
|
| Aug |
1.749
|
1.187
|
840
|
| Sep |
799
|
911
|
717
|
| Oct |
741
|
849
|
1.029
|
| Nov |
591
|
1.004
|
763
|
| Dec |
565
|
890
|
468
|
| Total |
11.246 |
10.914 |
7.781 |
| Single attacks by month
|
Year 2005
|
Year 2006
|
Year 2007
|
| Jan |
9.584 |
10.846 |
14.446 |
| Feb |
6.233 |
10.865 |
11.135 |
| Mar |
8.128 |
14.625 |
13.324 |
| Apr |
12.398 |
13.591 |
10.394 |
| May |
8.950 |
14.397 |
9.870 |
| Jun |
13.203 |
27.832 |
3.827 |
| Jul |
11.384 |
24.167 |
14.537 |
| Aug |
10.328 |
20.198 |
10.300 |
| Sep |
8.667 |
16.589 |
8.954 |
| Oct |
14.263 |
12.407 |
10.038 |
| Nov |
10.627 |
11.679 |
8.384 |
| Dec |
9.140 |
12.911 |
7.344 |
| Total |
122.905
|
190.107 |
122.553 |
| Mass attacks by month
|
Year 2005
|
Year 2006
|
Year 2007
|
| Jan |
36.345 |
32.739 |
47.646 |
| Feb |
40.826 |
26.196 |
41.562 |
| Mar |
33.047 |
24.005 |
41.518 |
| Apr |
36.597 |
29.416 |
30.525 |
| May |
32.785 |
71.738 |
31.540 |
| Jun |
30.667 |
24.056 |
13.970 |
| Jul |
30.085 |
71.294 |
42.226 |
| Aug |
31.589 |
110.447 |
28.062 |
| Sep |
23.186 |
53.054 |
20.282 |
| Oct |
26.461 |
40.014 |
21.643 |
| Nov |
24.373 |
39.261 |
23.541 |
| Dec |
24.974 |
40.034 |
15.837 |
| Total |
370.935
|
562.254
|
358.352 |
| Operational System |
Year 2005
|
Year 2006
|
Year 2007
|
| Linux |
276.350 |
446.311 |
306.076
|
| Windows 2003 |
72.377 |
183.953 |
114.137
|
| Windows 2000 |
101.151 |
69.754 |
23.838
|
| FreeBSD |
23.653 |
31.075 |
18.542 |
Unknown
|
2.834 |
3.802 |
9.314
|
| SolarisSunOS
|
6.193 |
9.797 |
5.226
|
| Windows NT/9x |
5.921 |
4.023 |
1.204
|
| MacOSX |
2.139 |
2.247 |
1.488
|
| Windows XP |
498 |
393 |
323
|
| HP-UX |
667 |
166 |
259
|
| AIX |
367 |
101 |
124
|
| SCO UNIX |
19 |
5 |
92
|
| Unix |
7 |
134 |
79
|
| Tru64 |
54 |
25 |
40
|
| OpenBSD |
21 |
13 |
39
|
| NetBSDOpenBSD |
366 |
229 |
36
|
| IRIX |
771 |
211 |
34
|
| BSDOS |
498 |
49 |
26
|
| NovellNetware |
30 |
24 |
9
|
| OpenServer |
0 |
0 |
7
|
OS390
|
1 |
3 |
3
|
| MacOS |
27 |
6 |
3 |
| OS2 |
9 |
9 |
2 |
| Compaq Tru64 |
23 |
13 |
1 |
| NetBSD |
31 |
14 |
1 |
| Digital UNIX |
2 |
3 |
1 |
| Windows .NET |
10 |
1 |
1 |
| VM |
1 |
0 |
0 |
| Webserver defaced |
Year 2005
|
Year 2006
|
Year 2007
|
| Apache |
308.281 |
486.294 |
319.439 |
| IIS/6.0 |
72.338 |
180.926 |
113.935 |
| IIS/5.0 |
99.616 |
66.304 |
23.664 |
| Unknown |
4.974 |
8.805 |
16.741 |
| Zeus |
1.059 |
506 |
1.972 |
| NOYB |
0 |
1308 |
1.920 |
| IIS/4.0 |
5.846 |
3.952 |
1.149 |
| nginx |
136 |
870 |
729 |
| IIS/5.1 |
540 |
412 |
308 |
| Rapidsite |
158 |
110 |
244 |
SonataServer
|
4 |
557 |
178 |
| A-NETEK RobustWeb |
4 |
4 |
92 |
| Zope |
106 |
67 |
80 |
| LiteSpeed |
3 |
150 |
65 |
| IdeaWebServer |
50 |
191 |
60 |
| E-Neverland DataPalm |
15 |
16 |
41 |
| lighttpd |
25 |
33 |
37 |
| DinaHTTPd Server |
52 |
89 |
36 |
| Boa |
6 |
59 |
26 |
| SilverStream Server |
36 |
40 |
20 |
| SAMBAR |
0 |
18 |
17 |
| thttpd |
8 |
29 |
15 |
| SunONE WebServer |
165 |
670 |
12 |
| ConcentricHost-Ashurbanipal |
18 |
12 |
11 |
| Lasso |
18 |
26 |
11 |
| Cougar |
1 |
21 |
10 |
NetWare-Enterprise-Web-Server
|
5 |
3 |
8 |
| Sun Java System Web Server 6.1 |
0 |
6 |
8 |
| GWS |
2 |
4 |
8 |
| DataPalm |
0 |
7 |
7 |
| Abyss |
0 |
0 |
5 |
| OBEC-Web-Serv |
0 |
13 |
5 |
| InfomexWebServer |
2 |
14 |
4 |
| tigershark |
54 |
9 |
4 |
| 4D_WebSTAR_S |
34 |
169 |
4 |
| IBM HTTP SERVER |
7 |
17 |
4 |
| Jetty |
0 |
0 |
4 |
| Netscape-Enterprise |
37 |
21 |
4 |
| OmniHTTPd |
7 |
3 |
4 |
| AOL server |
28 |
15 |
3 |
| IIS/3.0 |
3 |
4 |
3
|
| exteNd Application Server |
3 |
2 |
2 |
| RaidenHTTPD |
5 |
5 |
2 |
| Resin |
9 |
25 |
2 |
| Replica |
1 |
0 |
2 |
| RRRPHP/9.4.2 |
1 |
0 |
2 |
| CoffeeMaker |
0 |
0 |
1 |
| Hix Webserver |
0 |
0 |
1 |
| KFWebserver |
5 |
5 |
1 |
| NetCache |
5 |
8 |
1 |
| Oracle AS |
0 |
3 |
1 |
| WebLogic Server |
27 |
27 |
1 |
| Xitami |
7 |
16 |
1 |
| Zort Zirt Server |
20 |
7 |
1 |
| Caudium |
2
|
3 |
0 |
| VHFFS |
15 |
2 |
0 |
| Oracle |
33 |
2
|
0 |
| Roxen |
87 |
2 |
0 |
| Lotus-Domino |
6 |
5
|
0 |
| Mistral |
1 |
1 |
0 |
| Web Crossing |
0
|
1 |
0
|
| Netscape-FastTrack |
0
|
2
|
0
|
| WebSphere Application Server |
0 |
5
|
0
|
| PWS |
0 |
5
|
0 |
| Netscape-Communications |
0 |
1
|
0 |
| Attack Method
|
Total 2005
|
Total 2006
|
Total 2007
|
Attack against the administrator/user (password stealing/sniffing)
|
48.006 |
207.323 |
141.660 |
| Shares misconfiguration |
39.020 |
36.529 |
67.437
|
| File Inclusion |
118.395 |
148.082 |
61.011
|
SQL Injection
|
36.253 |
47.212 |
35.407 |
| Access credentials through Man In the Middle attack |
20.427 |
21.209 |
28.046 |
| Other Web Application bug |
50.383 |
6.529 |
18.048 |
| FTP Server intrusion |
58.945 |
55.611 |
17.023 |
| Web Server intrusion |
38.975 |
30.059 |
13.405 |
| DNS attack through cache poisoning |
7.541 |
9.131 |
9.747 |
| Other Server intrusion |
1.4732 |
16.050 |
8.050 |
| DNS attack through social engineering |
4.719 |
5.959 |
7.585 |
| URL Poisoning |
2.897 |
7.988 |
6.931 |
| Web Server external module intrusion |
8.487 |
17.290 |
6.690 |
| Remote administrative panel access through bruteforcing |
2.738 |
4.988 |
6.607 |
| Rerouting after attacking the Firewall |
988 |
4.308 |
6.127 |
| SSH Server intrusion |
2.644 |
14.746 |
5.723 |
RPC Server intrusion
|
1.821 |
5.793 |
5.516 |
| Rerouting after attacking the Router |
1.520 |
4.867 |
5.257 |
Remote service password guessing
|
939 |
7.008 |
5.105 |
| Telnet Server intrusion |
1.863 |
6.252 |
4.753 |
| Remote administrative panel access through password guessing |
1.014 |
4416 |
4.753 |
Remote administrative panel access through social engineering
|
780 |
5472 |
3.127
|
| Remote service password bruteforce |
3.576 |
4018 |
3.125 |
| Mail Server intrusion
|
1.198 |
4195 |
1.315 |
Not available
|
11.382 |
37243 |
9.724 |
| Attack Reason |
Year 2005
|
Year 2006
|
Year 2007
|
| I just want to be the best defacer |
95.870 |
300.858 |
197.413 |
| Heh...just for fun! |
179.234 |
175.241 |
95.664 |
| As a challenge |
59.991 |
72.287 |
60.314 |
| Political reasons |
61.068 |
77.350 |
31.073
|
| Patriotism |
53.168 |
30.207
|
28.307 |
| Revenge against that website |
17.847 |
11.489 |
10.120 |
| Not available |
26.662 |
84.929 |
58.014 |
Linux X Windows
| Year |
Total defacements Linux (all distros) |
Total defacements Windows (all versions) |
| 2000 |
931 |
2.586 |
| 2001 |
4.081 |
13.552 |
| 2002 |
22.693 |
43.426 |
| 2003 |
191.720 |
58.559 |
| 2004 |
247.118 |
119.412 |
| 2005 |
276.350 |
179.957 |
| 2006 |
446.311 |
258.124 |
| 2007 |
306.076 |
139.503
|
| Total |
1.485.280 |
815.119 |
Powered by a Zone-H(ified) version of AkoComment 3.0!
DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice. |
