760,935 breaches Google detected
I wonder how many of those have active administration. Surely an admin's job is to keep an eye on logs and traffic, so I'm guessing that a large number of these sites don't really have an administrator.
Google and university researchers say the tech giant found some 760,935 compromised websites across the web during a year-long research effort. Google's Eric Kuan, Yuan Niu, Lucas Ballard, Kurt Thomas, and Elie Bursztein joined the University of California, Berkeley's Frank Li, Grant Ho, and Vern Paxson in writing Remedying Web …
A lot of people don't realise that a website is an ongoing process; not a 'set and forget'... especially when WordPress or some other CMS is used. So they get a site made and then forget about it, until it is inevitably pwned. You have to keep them updated.
I have also -on more than one occasion- had sites handed to me from media companies where the login name and password for the admin account were the same as the domain name. That makes me genuinely cross. They have a life expectancy of minutes, these days.
It's good that Google are contacting admins of breached sites. Can't say I fancy signing up for the data-slurp though.
These days it's usually the applications that run on the webservers that are the source of the problem, not the web server itself. Earlier versions of IIS were a blight on the Internet, more recent versions are relatively safe; not 100% safe of course, in reality that's effectively unachievable. The same with Apache, the security has improved since earlier versions.
And depending on your statistics, IIS is either doing quite well or is still quite a long way behind. It depends on how you filter and weight the results.
I'm more happy that there isn't a monoculture of web servers. Both IIS and Apache annoy for different reasons while performing administration tasks on them, both have strengths and weaknesses on this side and the performance front.
Could have been anything. Websites run on a wobbly stack of software; all of which is being constantly changed and updated. A hole in any part of that stack can allow miscreants in. Or it could be something as simple as your hosts not rate-limiting password guesses; thus allowing your site to be brute-forced. Plus there's services like email; FTP; database etc. that can lend themselves to being ninja'd into allowing people in.
In a setup that complex, there are going to be holes. And if someone of sufficient talent wants in, they will have you. All you can do is try and keep abreast of holes and plug 'em as you find 'em. Try and at least raise the bar and make it difficult.
Always the hosting company's fault, eh? Never your own. Running old software were we? Easy password? Trojan on your PC sniffing FTP software logins?
It's just incredibly rare to see a server rooted/exploited these days. 99.999% of the time a website gets done over purely because the user uploaded buggy, old, unsecure scripts. But hey, blame the hosting company, it's easier.
I blame cheap Reseller hosting, we have an account with one of the largest ones in the UK and they want £5 per account for a weekly virus scan, we have 400 accounts and pay for the Reseller Hosting £40 a month +VAT, we charge customers £5 a month for Hosting and Email. How many infected sites do we have? Probably 10-30, but we have no way of checking, other than FTPing the whole site down and scanning it.
> I blame cheap Reseller hosting
Why? The hosting's not the problem, is it? It's all the fire-and-forget copies of Wordpress and Joomla that have been uploaded, then forgotten about, or deliberately not updated.
> they want £5 per account for a weekly virus scan
Sounds reasonable. Virus scans are time-consuming and can be process-intensive. Or do you think server time is free because you've paid £3 a month to host a bazillion crud web sites?
> How many infected sites do we have? Probably 10-30
Incredible. You're actually part of the problem, yet your attitude towards the whole thing is just so blasé it's incredible.
I agree I am, but I am also an employee and have a boss like the one from The IT Crowd.
Each account has its own FTP and a 30 day lock out, so 400 accounts with a limit of 1 FTP connection, thanks to reseller restraints, means it's 30 mins a download. I have to make money by making new websites. 98% are WordPress, we do allow automated updates, but there are sites where we can't even do basic htaccess protection because the client's using 3rd-party software to do marketing etc.
We do have more premium servers for ecommerce etc. that run on cPanel/WHM and they do get a daily virus scan.
Um ... why does the picture that goes with this article show a bunch of ancient Spartans and Athenians? (Spartans because that upside down V is a Lambda, for 'Lacedaemonia', and Athenians because the other shields have Athena's owl.)
As far as I know neither ancient civilization had any problems with their web servers.
Trojans? Nope, those aren't Trojans.
A quick Google search with [site:nhs.uk paypal viagra] brings up a few hacks. El Reg first carried a report of the NHS site's apparent insecurity almost three years ago.
Here's an example:
http://www.sct.nhs.uk/order-cialis-from-india/
and the Google cache in case it gets fixed quickly for once:
http://webcache.googleusercontent.com/search?q=cache:e0elKN-q6jMJ:http://www.sct.nhs.uk/order-cialis-from-india/%2Bsite:nhs.uk+paypal+viagra&gbv=1&hl=en&ct=clnk