Welcome to WebmasterWorld Guest from 3.227.2.109

Forum Moderators: bakedjake

Message Too Old, No Replies

Number of Linux attacks

More than 50%?

     
11:09 am on Jun 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 19, 2003
posts:695
votes: 0


I recently had to change hosting services because of really poor service. I switched from a SUN box to one running Linux. Besides the fact that the access log must be downloaded as a .gz file, extracted. renamed, and then converted to DOS from UNIX, just to view, I noticed that the error log, (which I also do not have direct access to, they show me the last 300 errors via a cpanel), and no transfer log, Iím really worried about open code and hackers.

And sure enough I have started seeing weird stuff in the access log and error log that looks like hack attempts. So today Iím going back to a SUN box and yet another hosting service. I made this decision after visiting the site zone-h.org, which I have no association with and noticed the number of ĎREPORTED ATTACKSí Linux (53.2%).

Has anyone experienced the same or related problem? Does anyone know anything about zone-h?

11:51 am on June 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 10, 2001
posts:1551
votes: 10


The number of "reported attacks" on arbitrary systems is completely irrelevant to the security of your website.

Since most web sites out there are running Linux, the logical consequence will be that there will also be the most attacks on Linux servers. And if you consider that the same relative number of servers running each OS are maintained badly, Linux will also show the highest absolute numbers of reported attacks.

If you compare the zone-h numbers for reported attacks on all types of Windows boxes (30.4%) with Netcrafts figures about the number of IE servers out there (26.8%), then you see that there are relatively more attacks than sites. Netcraft doesn't publish exact OS stats anymore, so we don't know how many of the 63% Apache sites out there are running Linux. I'm just guessing that it's more than 52.2%, which is zone-h's number of reported attacks. If this case, the difference would show that on average, Linux boxes are slightly more secure than others.

Do you expect there to be more than 2.5% Solaris servers out there? If there are less than that, then the reported attacks number of 2.5% would reflect unfavourably on Solaris.

So what does all this mean for the security of your own site? Nothing at all. The fact that the relative numbers of reported attacks are so close to the relative numbers of servers out there for each OS means that the OS is completely irrelevant.

The only thing that matters is whether your system administrator is up to the challenge. A well maintained and updated system is secure. Everything else isn't. If you trust your hosting provider to do their job right, stay with them. If you don't, then you shouldn't be doing business with them anyway.

8:10 pm on June 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 12, 2002
posts:885
votes: 0


1) I think Bird has it right

2) In addition, I've been running Linux and BSD servers for several years now. They get attacked a lot. Hundreds of times a day, in fact. Usually, with automated attacks that only IIS is vulnerable to. Do those count against the 'security' of my server? They all fail, so maybe they should count towards it? :-P

9:39 pm on June 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 19, 2003
posts:695
votes: 0


dingman

This wasn't an IIS attack. it was someone from china trying to fool around with the .htaccess file

10:02 pm on June 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 10, 2001
posts:1551
votes: 10


trying to fool around with the .htaccess file

Well, so far you have only talked about hacking *attempts*. I'm sure you'd have told us if anything bad had actually happened beyond that.

Do you expect those attempts not to happen on Solaris? Or do you expect Solaris to be inherently more secure than Linux? If so, then you'd be wrong on both accounts.

10:13 pm on June 24, 2003 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:June 15, 2001
posts:7845
votes: 95


Every system is only secure until someone works out how to exploit a weakness.

System and server admins need to he aware of potential system weaknesses and do everything they can to keep the "bad guys" out. The same can be said for any OS. There are always people looking for a way in.

The good thing with Linux is, the community is so big then most security issues are patched very fast.

Mack.

10:31 pm on June 24, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:June 9, 2002
posts:41
votes: 0


Agree with bird, no matter what platform (Sun, Linux, NT...) you are using, you can't stop people trying to attack you, can you?
Don't forget to turn on iptables if security is your concern, which can turn your linux box into a firewall.
10:36 pm on June 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 12, 2002
posts:885
votes: 0


This wasn't an IIS attack. it was someone from china trying to fool around with the .htaccess file

Oh, all I was commenting on were attack statistics, drawing from my experiences with servers under my control. I didn't mean to imply that you weren't really being attacked by a human or any such thing, just that lots of those things were likely to show up in reported attacks that affect agregate statistics.

8:22 am on June 25, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 19, 2003
posts:695
votes: 0


Agree that you cannot stop attacks. But, I have been running SUN for 3 years and that in the 3 years of running SUN, never had a _noticed attack_. Maybe it's because there are fewer people trying to attack because of fewer numbers of SUNs? Which in of itself would add to security. In the 2 weeks Iíve been on Linux, there has apparently been one.

Personally Iím not bias to one system or the other as long as it doesnít cost me product or a lot of time to admin, Iím pretty much a happy camper.

I agree with bird that it is not the actual percentage, but the delta of total-attempts. I have no clue how to measure that though.

I donít know if I lost product because the stupid hosting service doesnít allow me to see the xfer log. So at this point, Iím not even really sure if it was an attempt or if it was successful. I will note that from the time it showed in the error log and the time that I FTPíed in and uploaded the old .htaccess file was only 1 hour, but long enough to lose some product. Good thing I have been busy and no time to sleep or I would have been a sleep when it happened.

The really suspicious thing here is I got a query from China just the day before on how much our software costs. I donít know if it was the same people or not.

Why do a lot of humans feel that someone owes them something for nothing? I was living in Ft. Lauderdale when Andrew went through. Within a couple of days, people were looting. Baghdad, same thing, and the list goes on and on. So it doesnít seem to be geographical, but species related. How sad for the all mighty human race.

4:58 pm on June 25, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 12, 2002
posts:885
votes: 0


stupid hosting service doesnít allow me to see the xfer log.

Yeesh! All OS questions aside, that's a sure reason to switch hosting companies.

Why do a lot of humans feel that someone owes them something for nothing?... ...species related.

'cause property is just a figment of our collective imagination, and intilectual property doubly so. Mind you, that doesn't mean I condone stealing. There are plenty of things that are no more than figments of our collective imagination that are still extremely useful.
9:53 pm on June 25, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 19, 2003
posts:695
votes: 0


Bravo dingman. Very intellectual, sincerely.