Forum Moderators: bakedjake


Number of Linux attacks

More than 50%?


jim_w

11:09 am on Jun 24, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I recently had to change hosting services because of really poor service. I switched from a SUN box to one running Linux. Besides the fact that the access log must be downloaded as a .gz file, extracted, renamed, and then converted to DOS from UNIX, just to view, I noticed that the error log, (which I also do not have direct access to, they show me the last 300 errors via a cpanel), and no transfer log, I’m really worried about open code and hackers.

And sure enough I have started seeing weird stuff in the access log and error log that looks like hack attempts. So today I’m going back to a SUN box and yet another hosting service. I made this decision after visiting the site zone-h.org, which I have no association with and noticed the number of ‘REPORTED ATTACKS’ Linux (53.2%).

Has anyone experienced the same or related problem? Does anyone know anything about zone-h?

bird

11:51 am on Jun 24, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The number of "reported attacks" on arbitrary systems is completely irrelevant to the security of your website.

Since most web sites out there are running Linux, the logical consequence will be that there will also be the most attacks on Linux servers. And if you consider that the same relative number of servers running each OS are maintained badly, Linux will also show the highest absolute numbers of reported attacks.

If you compare the zone-h numbers for reported attacks on all types of Windows boxes (30.4%) with Netcraft's figures about the number of IE servers out there (26.8%), then you see that there are relatively more attacks than sites. Netcraft doesn't publish exact OS stats anymore, so we don't know how many of the 63% Apache sites out there are running Linux. I'm just guessing that it's more than 52.2%, which is zone-h's number of reported attacks. If this is the case, the difference would show that on average, Linux boxes are slightly more secure than others.

Do you expect there to be more than 2.5% Solaris servers out there? If there are less than that, then the reported attacks number of 2.5% would reflect unfavourably on Solaris.

So what does all this mean for the security of your own site? Nothing at all. The fact that the relative numbers of reported attacks are so close to the relative numbers of servers out there for each OS means that the OS is completely irrelevant.

The only thing that matters is whether your system administrator is up to the challenge. A well maintained and updated system is secure. Everything else isn't. If you trust your hosting provider to do their job right, stay with them. If you don't, then you shouldn't be doing business with them anyway.

dingman

8:10 pm on Jun 24, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



1) I think Bird has it right

2) In addition, I've been running Linux and BSD servers for several years now. They get attacked a lot. Hundreds of times a day, in fact. Usually, with automated attacks that only IIS is vulnerable to. Do those count against the 'security' of my server? They all fail, so maybe they should count towards it? :-P

jim_w

9:39 pm on Jun 24, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



dingman

This wasn't an IIS attack. It was someone from China trying to fool around with the .htaccess file.

bird

10:02 pm on Jun 24, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



trying to fool around with the .htaccess file

Well, so far you have only talked about hacking *attempts*. I'm sure you'd have told us if anything bad had actually happened beyond that.

Do you expect those attempts not to happen on Solaris? Or do you expect Solaris to be inherently more secure than Linux? If so, then you'd be wrong on both accounts.

mack

10:13 pm on Jun 24, 2003 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Every system is only secure until someone works out how to exploit a weakness.

System and server admins need to be aware of potential system weaknesses and do everything they can to keep the "bad guys" out. The same can be said for any OS. There are always people looking for a way in.

The good thing with Linux is, the community is so big that most security issues are patched very fast.

Mack.

chaitan

10:31 pm on Jun 24, 2003 (gmt 0)

10+ Year Member



Agree with bird, no matter what platform (Sun, Linux, NT...) you are using, you can't stop people trying to attack you, can you?
Don't forget to turn on iptables if security is your concern, which can turn your Linux box into a firewall.

dingman

10:36 pm on Jun 24, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This wasn't an IIS attack. It was someone from China trying to fool around with the .htaccess file.

Oh, all I was commenting on were attack statistics, drawing from my experiences with servers under my control. I didn't mean to imply that you weren't really being attacked by a human or any such thing, just that lots of those things were likely to show up in reported attacks that affect aggregate statistics.

jim_w

8:22 am on Jun 25, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Agree that you cannot stop attacks. But, I have been running SUN for 3 years and that in the 3 years of running SUN, never had a _noticed attack_. Maybe it's because there are fewer people trying to attack because of fewer numbers of SUNs? Which in and of itself would add to security. In the 2 weeks I’ve been on Linux, there has apparently been one.

Personally I’m not biased to one system or the other as long as it doesn’t cost me product or a lot of time to admin, I’m pretty much a happy camper.

I agree with bird that it is not the actual percentage, but the delta of total-attempts. I have no clue how to measure that though.

I don’t know if I lost product because the stupid hosting service doesn’t allow me to see the xfer log. So at this point, I’m not even really sure if it was an attempt or if it was successful. I will note that from the time it showed in the error log and the time that I FTP’ed in and uploaded the old .htaccess file was only 1 hour, but long enough to lose some product. Good thing I have been busy and no time to sleep or I would have been asleep when it happened.

The really suspicious thing here is I got a query from China just the day before on how much our software costs. I don’t know if it was the same people or not.

Why do a lot of humans feel that someone owes them something for nothing? I was living in Ft. Lauderdale when Andrew went through. Within a couple of days, people were looting. Baghdad, same thing, and the list goes on and on. So it doesn’t seem to be geographical, but species related. How sad for the almighty human race.

dingman

4:58 pm on Jun 25, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



stupid hosting service doesn’t allow me to see the xfer log.

Yeesh! All OS questions aside, that's a sure reason to switch hosting companies.

Why do a lot of humans feel that someone owes them something for nothing?... ...species related.

'cause property is just a figment of our collective imagination, and intellectual property doubly so. Mind you, that doesn't mean I condone stealing. There are plenty of things that are no more than figments of our collective imagination that are still extremely useful.

jim_w

9:53 pm on Jun 25, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Bravo dingman. Very intellectual, sincerely.