Defacements Statistics 2010 
Hacking

 Almost 1,5 million websites defaced, what's happening?

Marcelo Almeida (Vympel), Boris Mutina (Minor)

stats 2010

Last year Zone-H archived a sad record number: 1.419.203 website defacements.

Why and how is this happening?

If you look at the stats, things remain the same: file inclusion, SQL injection, WebDAV attacks and shares misconfiguration are still at the top ranks of the attack methods used by defacers to gain first access to the server. As an important factor influencing the stats, we consider the fact that last year brought a very high number of local Linux kernel exploits.

Many years ago, Linux became the most used OS for web servers and, of course, the preferred target for defacers. Last year we archived 1.126.987 attacks against websites running on Linux systems. The exploit most used by defacers is CVE-2010-3301, which was fixed in 2007 and was mysteriously reintroduced in 2008 in a large pile of x86_64 kernel versions.

But is the out-of-date Linux server the only reason for this huge amount of defacements?

Yes and no.

We were talking about local kernel exploits, but the first problem is in the website code. For example, we received too many single defacements due to a remote upload flaw in the osCommerce CMS that allows defacers to upload anything to the CMS folder without a proper credential check. When this flaw became public, the developers had plenty of time to fix it, but the fix appeared a few months later. Pity.

Year after year, developers are still coding unsafely, leaving tons of remote and local file inclusion and SQL injection flaws that attackers use as the first step to gain access to the server OS.

Another problem with an out-of-date system is that old kernel versions also indicate that other packages are out of date (and sometimes misconfigured), allowing privilege escalation through the access granted to services and users.

But we should not speak only about Linux servers; Windows servers are also in the stats, (not) surprisingly still hacked through the same flaws as in the year 2000 and earlier. Every year we have also recorded a high number of WebDAV and shares misconfiguration attacks. For WebDAV there are tons of updates, and for shares too; administrators just need to put their hands on them and update and/or change the configuration.

From the results one outcome is clear: development teams and web server admins are still living in two distinct worlds. And if something is not working properly, their answer is that it is most likely the other side's fault. While this "fight" continues, the defacement count keeps growing.

If you have any comments, send them to comments@zone-h.org

Zone-H


Posted on Thursday, January 12, 2012 @ 15:34:18 EST by Southern