Web site defacements on Linux servers rise sharply

The number of defacements of Web sites on Linux-based systems recorded by rose significantly in the first half of this year.

The number of defacements of Web sites on Linux-based systems recorded by rose significantly in the first half of this year.

London security consultancy mi2g recorded 7,630 defacements of Linux-based Web sites, a figure already exceeding the total of 5,736 defacements of such sites recorded for the whole of 2001.

By comparison, defacements of systems running Microsoft's IIS (Internet Information Services) Web server software fell to 9,404 in the first half of 2002, down 20% from the 11,828 defacements recorded in the first half of last year.

Mi2g gathers reports of defacements from attackers and their victims and verifies the details manually.

The security consultancy attributes the increase in defacements of Web sites running on Linux systems to the proliferation of such systems worldwide and delays in applying security update patches to software.

According to mi2g, the defaced sites use software that contains known vulnerabilities. These versions are not being patched fast enough, and hackers continue to exploit them to gain control of systems.

Web site defacements recorded for all types of operating systems rose to 20,371 in the first half of 2002, up 27% from the 16,007 recorded in the same period the previous year.

The company recorded only 54 defacements of US government Web sites in the first half of 2002, compared with 204 a year ago. A major factor in this drop has been the extensive media coverage of the US Cyber Security Enhancement Act (CSEA), which was passed by the US House of Representatives on Monday. The bill threatens life imprisonment for anyone putting lives at risk by electronic means.

Hackers may have been discouraged from attacking US government systems, mi2g said, and intelligence agencies monitoring intrusions on government networks have become more vigilant.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.