<html>
<head>
<title>Defacements by Webserver, August, 1999 - November 18, 2000</title>
</head>
<body bgcolor="#000000" text="#FFFFFF" link="#FF0000" vlink="#C0C0C0" alink="#FF0000">
<font color="#FFFFFF">
<h1>
Defacements by Webserver<br>
August, 1999 - November 18, 2000
</h1>
<hr noshade>
<!-- ===== TOC ===== -->
<p>
<a href="#NOTES">Read the Notes!</a>
<p>
<a href="#SPECIAL">IIS and Apache Tango</a>
<p>
<a href="#WEBSTACKED">Webserver Totals by Month (stacked bar graph)</a>
<p>
<a href="#WEBSBS">Webserver Totals by Month (side-by-side bar graph)</a>
<p>
<a href="#IIS">IIS</a>
<p>
<a href="#APACHE">Apache</a>
<p>
<a href="#NETSCAPE">NetScape</a>
<p>
<a href="#OTHER">Other Webservers</a>
<p>
<a href="#ALLGRAPHS">Graphs Combined</a>
<p>
<a href="#Cumulative">Cumulative Totals</a>
<p>
<a href="#PIE">Overall Webserver Shares, Pie Chart</a>
<!-- get some space -->
<hr noshade>
<p>
<a name="SPECIAL"></a>
June 2000 to November 18, 2000<br>
29 Day Moving Average of Defacements per Day, IIS, Apache, All Others:<br><br>
<img src="graphs/mtotals_iisapc.gif">
<p>
Yellow: IIS, White: Apache, Orange: All Others
<!-- get some space -->
<hr noshade>
<p>
<a name="WEBSTACKED"></a>
Webserver Totals by Month, stacked:<br><br>
<img src="graphs/bar_webservertotals_stacked.gif" alt="Webserver Totals By Month">
<p>
Yellow: IIS, White: Apache, Green: NetScape, Orange: All Other
<!-- get some space -->
<hr noshade>
<p>
<a name="WEBSBS"></a>
Webserver Totals by Month, side-by-side:<br><br>
<img src="graphs/bar_webservertotals_sbs.gif" alt="Webserver Totals By Month">
<p>
Yellow: IIS, White: Apache, Green: NetScape, Orange: All Other
<!-- get some space -->
<hr noshade>
<p>
<a name="IIS"></a>
29-day moving average, IIS:<br>
(click image for August 1999 to November 2000 range)<br>
<a href="graphs/pct_iis_29mav_1999on.gif">
<img src="graphs/pct_iis_29mav.gif" alt="IIS">
</a>
<!-- get some space -->
<hr noshade>
<p>
<a name="APACHE"></a>
29-day moving average, Apache:<br>
(click image for August 1999 to November 2000 range)<br>
<a href="graphs/pct_apache_29mav_1999on.gif">
<img src="graphs/pct_apache_29mav.gif" alt="Apache">
</a>
<!-- get some space -->
<hr noshade>
<p>
<a name="NETSCAPE"></a>
29-day moving average, NetScape:<br>
(click image for August 1999 to November 2000 range)<br>
<a href="graphs/pct_netscape_29mav_1999on.gif">
<img src="graphs/pct_netscape_29mav.gif" alt="NetScape">
</a>
<!-- get some space -->
<hr noshade>
<p>
<a name="OTHER"></a>
29-day moving average, All Other Webservers:<br>
(click image for August 1999 to November 2000 range)<br>
<a href="graphs/pct_otherweb_29mav_1999on.gif">
<img src="graphs/pct_otherweb_29mav.gif" alt="All Other">
</a>
<!-- get some space -->
<hr noshade>
<p>
<a name="ALLGRAPHS"></a>
29-day moving average, Graphs Combined:<br>
(click image for August 1999 to November 2000 range)<br>
<a href="graphs/all-web-mav_1999on.gif">
<img src="graphs/all-web-mav.gif" alt="Graphs Combined">
</a>
<p>
Yellow: IIS, White: Apache, Green: NetScape, Orange: All Others
<hr noshade>
<!-- ===== get space for next graph ===== -->
<hr noshade>
<p>
<a name="Cumulative"></a>
Daily Cumulative Totals, All:<br>
<img src="graphs/cum_webservers.gif" alt="Daily Cumulative Graph, All Webservers">
<p>
Yellow: IIS, White: Apache, Green: NetScape, Orange: All Others
<!-- ===== get space for next graph ===== -->
<hr noshade>
<p>
<a name="PIE"></a>
<img src="graphs/pie_webservers.gif" alt="Pie Chart">
<p>
<!-- ===== NOTES ===== -->
<p>
<hr noshade>
<p>
<a name="NOTES"></a>
<b>Notes</b>
<p>
Also read the
<a href="stats.html#NOTES">notes</a>
provided on our main statistics page if you haven't already.
<p>
All webserver results are derived from NetCraft and from querying the
remote webserver itself at the time the mirror was taken. We are
grateful for NetCraft:
<p>
<a href="http://www.netcraft.com">NetCraft</a><br>
<p>
<b>This data is unweighted</b>. That means that I have made no effort to
present numbers or counts that are proportional to the distribution
of vendors in the webserver market. Therefore, keep in mind that,
for instance, the pie chart above is NOT the distribution of the
webserver market by vendor. It is the distribution, by vendor, of
webservers that have been reported defaced, verified, and mirrored at
Attrition.org since we began keeping OS and webserver data in August,
1999. Why would someone want to weight the data? Market-weighted
data could be used to show the proportional differences between vendors
in the context of web defacements to infer differences in webserver
security. While this is of great interest, and one of the most frequent requests
we get for our statistics pages, it's easy to naively infer webserver
security from this weighted data and get matters very wrong. For instance,
did Apache suddenly become a less secure webserver due to the recent wu-ftpd
exploit (also discussed below)? I reckon not. Nor would it be advisable to
infer Linux was any less secure an OS due to wu-ftpd. That is not to say weighting
data is bad. It's the inferences we draw from weighted data that are open to
question. Inferences drawn from known vulnerabilities of vendor webservers
seem more reasonable and balanced, and would be very interesting. For
those wishing to swim these murky waters, NetCraft, linked above, does
provide extensive vendor data for the webserver market for weighting data.
<p>
<b>Moving Averages</b> are used frequently, especially in financial
markets. Moving averages smooth the variance out of data, and may
help indicate trends. A proportional (by percent, for instance)
moving average also readily shows shifts from one item to another.
In this context, the recent
<a href="http://www.securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D1387">
wu-ftpd bug</a>,
which was widely exploited starting at least in early June of 2000, is
readily seen in the shift away from NT defacements toward OSs frequently
running wu-ftpd, mostly various Linux distributions. Defacements of webservers,
primarily those running Apache on Linux, went up subsequently, while IIS dipped as Linux
became a prime target, as is obvious in the graphs above, especially the
proportional moving average graphs.
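<p>
The proportional 29-day moving average described above, as an added example (not Attrition.org's own code or data). It assumes a trailing window and that each share is a webserver's count divided by all defacements in the window; the daily counts and function names are constructed for illustration.

```python
from collections import deque

WINDOW = 29  # days, the window length named on the graphs above
SERVERS = ("IIS", "Apache", "NetScape", "Other")

def moving_share(daily_counts, window=WINDOW):
    """For each day, return every server's percentage of all defacements
    in the trailing window (None until a full window is available)."""
    recent = deque()
    sums = dict.fromkeys(SERVERS, 0)
    out = []
    for day in daily_counts:
        recent.append(day)
        for s in SERVERS:
            sums[s] += day.get(s, 0)
        if len(recent) > window:          # drop the day that left the window
            old = recent.popleft()
            for s in SERVERS:
                sums[s] -= old.get(s, 0)
        total = sum(sums.values())
        if len(recent) == window and total:
            out.append({s: 100.0 * sums[s] / total for s in SERVERS})
        else:
            out.append(None)
    return out

def first_crossover(shares, a="Apache", b="IIS"):
    """Index of the first day on which a's smoothed share exceeds b's."""
    for i, row in enumerate(shares):
        if row is not None and row[a] > row[b]:
            return i
    return None

def constructed_counts():
    """Constructed sample, not real data: 70 days of daily defacement
    counts in which Apache jumps on day 40 (a stand-in for a new exploit)."""
    days = []
    for d in range(70):
        jitter = d % 3                    # deterministic day-to-day variance
        apache = 9 + jitter if d >= 40 else 2 + jitter
        days.append({"IIS": 6 + d % 2, "Apache": apache,
                     "NetScape": 1, "Other": 1})
    return days

if __name__ == "__main__":
    shares = moving_share(constructed_counts())
    print("first full window:", shares[28])
    print("Apache overtakes IIS on day", first_crossover(shares))
```

In the constructed data the jump happens on day 40, but the smoothed Apache share overtakes IIS only on day 54: a trailing window removes daily variance at the cost of reporting a shift late.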
<p>
All vendors are aggregated over all versions. We will present detailed
tables of version break-downs, cross-referenced by OS distribution, etc.,
in the near future.
<p>
Significantly, the "All Other" webserver designation includes any webserver
that we were not able to identify. While this is a small
count overall, it is large relative to the "All Other" webserver category.
<p>
For more information, contact:
<a href="mailto:munge@attrition.org">munge@attrition.org</a>
<!-- ===== Copy Rights & such ===== -->
<hr>
<p>
<font size="2" color="#FFFFFF">
&#169; 2000 Copyright Brian Martin<br>
Excerpts from this page may be reproduced if
<a href="http://www.attrition.org">Attrition</a> and the URL<br>
http://www.attrition.org/mirror/attrition/webserver-graphs.html are attributed.
</font>
<p>
<!-- hhmts start -->
Last modified: Tue Nov 21 23:00:57 EST 2000
<!-- hhmts end -->
<!-- ===== END ===== -->
<munge></munge>
</body>
</html>