| <html> | |
| <head> | |
| <title>Defacements by Webserver, August, 1999 - November 18, 2000</title> | |
| </head> | |
| <body bgcolor="#000000" text="#FFFFFF" link="#FF0000" vlink="#C0C0C0" alink="#FF0000"> | |
| <font color="#FFFFFF"> | |
| <h1> | |
| Defacements by Webserver<br> | |
| August, 1999 - November 18, 2000 | |
| </h1> | |
| <hr noshade> | |
| <!-- ===== TOC ===== --> | |
| <p> | |
| <a href="#NOTES">Read the Notes!</a> | |
| <p> | |
| <a href="#SPECIAL">IIS and Apache Tango</a> | |
| <p> | |
| <a href="#WEBSTACKED">Webserver Totals by Month (stacked bar graph)</a> | |
| <p> | |
| <a href="#WEBSBS">Webserver Totals by Month (side-by-side bar graph)</a> | |
| <p> | |
| <a href="#IIS">IIS</a> | |
| <p> | |
| <a href="#APACHE">Apache</a> | |
| <p> | |
| <a href="#NETSCAPE">NetScape</a> | |
| <p> | |
| <a href="#OTHER">Other Webservers</a> | |
| <p> | |
| <a href="#ALLGRAPHS">Graphs Combined</a> | |
| <p> | |
| <a href="#Cumulative">Cumulative Totals</a> | |
| <p> | |
| <a href="#PIE">Overall Webserver Shares, Pie Chart</a> | |
| <!-- get some space --> | |
| <hr noshade> | |
| <p> | |
| <a name="SPECIAL"></a> | |
| June 2000 to November 18, 2000<br> | |
| 29-Day Moving Average of Defacements per Day, IIS, Apache, All Others:<br><br> | |
| <img src="graphs/mtotals_iisapc.gif"> | |
| <p> | |
| Yellow: IIS, White: Apache, Orange: All Others | |
| <!-- get some space --> | |
| <hr noshade> | |
| <p> | |
| <a name="WEBSTACKED"></a> | |
| Webserver Totals by Month, stacked:<br><br> | |
| <img src="graphs/bar_webservertotals_stacked.gif" alt="Webserver Totals By Month"> | |
| <p> | |
| Yellow: IIS, White: Apache, Green: NetScape, Orange: All Other | |
| <!-- get some space --> | |
| <hr noshade> | |
| <p> | |
| <a name="WEBSBS"></a> | |
| Webserver Totals by Month, side-by-side:<br><br> | |
| <img src="graphs/bar_webservertotals_sbs.gif" alt="Webserver Totals By Month"> | |
| <p> | |
| Yellow: IIS, White: Apache, Green: NetScape, Orange: All Other | |
| <!-- get some space --> | |
| <hr noshade> | |
| <p> | |
| <a name="IIS"></a> | |
| 29-day moving average, IIS:<br> | |
| (click image for August 1999 to November 2000 range)<br> | |
| <a href="graphs/pct_iis_29mav_1999on.gif"> | |
| <img src="graphs/pct_iis_29mav.gif" alt="IIS"> | |
| </a> | |
| <!-- get some space --> | |
| <hr noshade> | |
| <p> | |
| <a name="APACHE"></a> | |
| 29-day moving average, Apache:<br> | |
| (click image for August 1999 to November 2000 range)<br> | |
| <a href="graphs/pct_apache_29mav_1999on.gif"> | |
| <img src="graphs/pct_apache_29mav.gif" alt="Apache"> | |
| </a> | |
| <!-- get some space --> | |
| <hr noshade> | |
| <p> | |
| <a name="NETSCAPE"></a> | |
| 29-day moving average, NetScape:<br> | |
| (click image for August 1999 to November 2000 range)<br> | |
| <a href="graphs/pct_netscape_29mav_1999on.gif"> | |
| <img src="graphs/pct_netscape_29mav.gif" alt="NetScape"> | |
| </a> | |
| <!-- get some space --> | |
| <hr noshade> | |
| <p> | |
| <a name="OTHER"></a> | |
| 29-day moving average, All Other Webservers:<br> | |
| (click image for August 1999 to November 2000 range)<br> | |
| <a href="graphs/pct_otherweb_29mav_1999on.gif"> | |
| <img src="graphs/pct_otherweb_29mav.gif" alt="All Other"> | |
| </a> | |
| <!-- get some space --> | |
| <hr noshade> | |
| <p> | |
| <a name="ALLGRAPHS"></a> | |
| 29-day moving average, all webservers combined:<br> | |
| (click image for August 1999 to November 2000 range)<br> | |
| <a href="graphs/all-web-mav_1999on.gif"> | |
| <img src="graphs/all-web-mav.gif" alt="Graphs Combined"> | |
| </a> | |
| <p> | |
| Yellow: IIS, White: Apache, Green: NetScape, Orange: All Others | |
| <hr noshade> | |
| <!-- ===== get space for next graph ===== --> | |
| <hr noshade> | |
| <p> | |
| <a name="Cumulative"></a> | |
| Daily Cumulative Totals, All:<br> | |
| <img src="graphs/cum_webservers.gif" alt="Daily Cumulative Graph, All Webservers"> | |
| <p> | |
| Yellow: IIS, White: Apache, Green: NetScape, Orange: All Others | |
| <!-- ===== get space for next graph ===== --> | |
| <hr noshade> | |
| <p> | |
| <a name="PIE"></a> | |
| <img src="graphs/pie_webservers.gif" alt="Pie Chart"> | |
| <p> | |
| <!-- ===== NOTES ===== --> | |
| <p> | |
| <hr noshade> | |
| <p> | |
| <a name="NOTES"></a> | |
| <b>Notes</b> | |
| <p> | |
| Also read the | |
| <a href="stats.html#NOTES">notes</a> | |
| provided on our main statistics page if you haven't already. | |
| <p> | |
| All webserver results are derived from NetCraft and from querying the | |
| remote webserver itself at the time the mirror was taken. We are | |
| grateful to NetCraft: | |
| <p> | |
| <a href="http://www.netcraft.com">NetCraft</a><br> | |
| <p> | |
| <b>This data is unweighted</b>. That means that I have made no effort to | |
| present numbers or counts that are proportional to the distribution | |
| of vendors in the webserver market. Therefore, keep in mind that, | |
| for instance, the pie chart above is NOT the distribution of the | |
| webserver market by vendor. It is the distribution of webservers by | |
| vendor that have been reported defaced, verified, and mirrored at | |
| Attrition.org since we began keeping OS and webserver data in August, | |
| 1999. Why would someone want to weight the data? Market-weighted | |
| data could be used to show the proportional differences between vendors | |
| in the context of web defacements to infer differences in webserver | |
| security. While this is of great interest, and one of the most frequent requests | |
| we get for our statistics pages, it's easy to naively infer webserver | |
| security from this weighted data and get matters very wrong. For instance, | |
| did Apache suddenly become a less secure webserver due to the recent wu-ftpd | |
| exploit (also discussed below)? I reckon not. Nor would it be advisable to | |
| infer Linux was any less secure an OS due to wu-ftpd. That is not to say weighting | |
| data is bad. It's the inferences we draw from weighted data that are open to | |
| question. Inferences drawn from known vulnerabilities of vendor webservers | |
| seem more reasonable and balanced, and would be very interesting. For | |
| those wishing to swim these murky waters, NetCraft, linked above, does | |
| provide extensive vendor data for the webserver market for weighting data. | |
| <p> | |
| <b>Moving Averages</b> are used frequently, especially in financial | |
| markets. Moving averages smooth the variance out of data, and may | |
| help indicate trends. A proportional (by percent, for instance) | |
| moving average also readily shows shifts from one item to another. | |
| In this context, the effect of the recent | |
| <a href="http://www.securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D1387"> | |
| wu-ftpd bug</a>, | |
| which was widely exploited starting at least in early June of 2000, is | |
| readily seen in the shift away from NT defacements toward OSs frequently | |
| running wu-ftpd, mostly various Linux distributions. Defacements of webservers, primarily | |
| those running Apache on Linux, went up subsequently, while IIS dipped as Linux | |
| became a prime target, as is obvious in the graphs above, especially the | |
| proportional moving average graphs. | |
| <p> | |
| All vendors are aggregated over all versions. We will present detailed | |
| tables of version break-downs, cross-referenced by OS distribution, etc., | |
| in the near future. | |
| <p> | |
| The "All Other" webserver designation significantly includes any webserver | |
| that we were not able to get an identification for. While this is a small | |
| count overall, it is large relative to the "All Other" webserver category. | |
| <p> | |
| For more information, contact: | |
| <a href="mailto:munge@attrition.org">munge@attrition.org</a> | |
| <!-- ===== Copy Rights & such ===== --> | |
| <hr> | |
| <p> | |
| <font size="2" color="#FFFFFF"> | |
| © 2000 Copyright Brian Martin<br> | |
| Excerpts from this page may be reproduced if | |
| <a href="http://www.attrition.org">Attrition</a> and the URL<br> | |
| http://www.attrition.org/mirror/attrition/webserver-graphs.html are attributed. | |
| </font> | |
| <p> | |
| <!-- hhmts start --> | |
| Last modified: Tue Nov 21 23:00:57 EST 2000 | |
| <!-- hhmts end --> | |
| <!-- ===== END ===== --> | |
| <munge></munge> | |
| </body> | |
| </html> |
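
The proportional 29-day moving average described in the Notes, as an added example that is not Attrition.org's own code or data: it turns daily defacement counts per webserver into trailing-window percentage shares and finds the first window in which one server overtakes another. The function names and the daily counts are assumptions constructed for illustration.

```python
from collections import deque

WINDOW = 29  # window length used by the page's graphs


def proportional_moving_average(daily, window=WINDOW):
    """daily: list of {server: count} dicts, one per day, oldest first.

    Returns one dict per full window mapping server -> percent share of
    all defacements counted in that trailing window.
    """
    servers = sorted({s for day in daily for s in day})
    sums = dict.fromkeys(servers, 0)
    recent = deque()
    shares = []
    for day in daily:
        recent.append(day)
        for server, count in day.items():
            sums[server] += count
        if len(recent) > window:           # slide: drop the oldest day
            for server, count in recent.popleft().items():
                sums[server] -= count
        if len(recent) == window:
            total = sum(sums.values())
            shares.append({s: 100.0 * sums[s] / total if total else 0.0
                           for s in servers})
    return shares


def first_lead_change(shares, old_leader, new_leader):
    """Index of the first window where new_leader's share exceeds old_leader's."""
    for i, row in enumerate(shares):
        if row[new_leader] > row[old_leader]:
            return i
    return None


def sample_counts():
    """Constructed data: targeting shifts from IIS to Apache on day 40."""
    before = [{"IIS": 6, "Apache": 2, "Other": 2}] * 40
    after = [{"IIS": 4, "Apache": 8, "Other": 2}] * 40
    return before + after


if __name__ == "__main__":
    shares = proportional_moving_average(sample_counts())
    i = first_lead_change(shares, "IIS", "Apache")
    print("first window with Apache ahead ends on day", i + WINDOW - 1)
    print({k: round(v, 1) for k, v in shares[i].items()})
```

On this constructed series the raw daily counts flip on day 40, but the smoothed shares first show Apache ahead in the window ending on day 54, so a crossover seen in a 29-day graph began roughly two weeks before it appears.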