back to article Google found 760,935 compromised web sites in a year

Google and university researchers say the tech giant found some 760,935 compromised websites across the web during a year-long research effort. Google's Eric Kuan; Yuan Niu; Lucas Ballard; Kurt Thomas, and Elie Bursztein joined the University of California, Berkely's Frank Li, Grant Ho, and Vern Paxson in writing Remedying Web …

  1. Ole Juul

    760,935 breaches Google detected

    I wonder how many of those have active administration. Surely an admin's job is to keep an eye on logs and traffic, so I'm guessing that a large number of these sites don't really have an administrator.

    1. TheVogon

      Re: 760,935 breaches Google detected

      As usual it's nearly all OSS software holes being successfully attacked despite Microsoft IIS having a 32% market share of all web servers - as per Netcraft. (That's less than 1% behind the market leader - Apache).

      1. Santa from Exeter
        FAIL

        Re: 760,935 breaches Google detected

        Cue cheap dig at OSS.

        If you actually read the document, they were looking mainly at CSS breaches. They will run on IIS as well you know.

        1. Anonymous Coward
          Anonymous Coward

          Re: 760,935 breaches Google detected

          A lot of people don't realise that a website is an ongoing process; not a 'set and forget'....especially when Wordpress or some other CMS is used. So they get a site made and then forget about it, until it is inevitably pwned. You have to keep them updated.

          I have also -on more than one occasion- had sites handed to me from media companies where the login name and password for the admin account were the same as the domain name. That makes me genuinely cross. They have a life expectancy of minutes, these days.

          It's good that Google are contacting admins of breached sites. Can't say I fancy signing up for the data-slurp though.

        2. Donn Bly
          WTF?

          Re: CSS breaches

          WTF are you calling a "CSS Breach". While I have seen stylesheets hacked to include image urls from other compromised domains to avoid antivirus scans on the primary server, those types of attacks are definitely a minority.

          1. Coen Dijkgraaf

            Re: CSS breaches

            @Donn Bly

            In the security context CSS usually means Cross Site Scripting, not Cascading Style Sheet

            1. That_Guy

              Re: CSS breaches

              I think you meant xss:

              en.m.wikipedia.org/wiki/Cross-site_scripting

              The x is specifically for the differentiation.

      2. Nick Ryan Silver badge

        Re: 760,935 breaches Google detected

        These days it's usually the applications that run on the webservers that are the source of the problem, not the web server itself. Earlier versions of IIS were a blight on the Internet, more recent versions are relatively safe; Not 100% safe of course, in reality that's that's effectively unachievable. The same with Apache, the security has improved since earlier versions.

        And depending on your statistics, IIS is either doing quite well or is still quite a long way behind. It depends on how you filter and weight the results.

        I'm more happy that there isn't a monocultore of web servers. Both IIS and Apache annoy for different reasons while performing administration tasks on them, both have strengths and weaknesses on this side and the performance front.

      3. Long John Brass
        Mushroom

        Re: 760,935 breaches Google detected

        Yes, that is because a windows box requires an admin 24/7 to keep rebooting it every time it hangs or crashes. A *nix box on the other hand will run for years without intervention and thus get lost and forgotten in the noise of day to day work.

      4. Anonymous Coward
        Anonymous Coward

        Re: 760,935 breaches Google detected

        "Microsoft IIS having a 32% market share of all web servers "

        Microsoft IIS now has 41% of all websites - versus 27% for Apache. See http://news.netcraft.com/

  2. Alan Brown Silver badge

    Is that all?

    It's at least an order of magnitude less than I would have expected to see.

    1. Version 1.0 Silver badge

      Re: Is that all?

      I'm guessing that they are only counting the web site infections - you wouldn't expect them to count the drive by advert infection vectors would you?

  3. MJI Silver badge

    My site was hacked once

    The index.htm was modified.

    The hosts blamed me, I blamed them.

    It was password protected, so how else could they change it?

    1. Anonymous Coward
      Anonymous Coward

      Re: My site was hacked once

      Could have been anything. Websites run on a wobbly stack of software; all of which is being constantly changed and updated. A hole in any part of that stack can allow miscreants in. Or it could be something as simple as your hosts not rate-limiting password guesses; thus allowing your site to be brute-forced. Plus there's services like email; FTP; database etc. that can lend themselves to being ninja'd into allowing people in.

      In a setup that complex, there are going to be holes. And if someone of sufficient talent wants in, they will have you. All you can do is try and keep abreast of holes and plug 'em as you find 'em. Try and at least raise the bar and make it difficult.

      1. MJI Silver badge

        Re: My site was hacked once

        Pretty sure it was not leaked at my end

        Howerver the number 123 is in the companies name

        1. Anonymous Coward
          Anonymous Coward

          Re: My site was hacked once

          I stopped using a company with a very similar name after domains I searched for seemed strangely often to be registered if I went to buy any of them.

          I hope you've moved since.

          1. That_Guy

            Re: My site was hacked once

            Mmmhmm had to dump a host due to them insisting on using older software to accommodate the needs of one of their clients. Not to Menton insecure settings... Pointing my finger at you DH.

        2. Anonymous Coward
          Anonymous Coward

          Re: My site was hacked once

          Always the hosting company's fault, eh? Never your own. Running old software were we? Easy password? Trojan on your PC sniffing FTP software logins?

          It's just incredibly rare to see a server rooted/exploited these days. 99.999% of the time a website gets done over purely because the user uploaded buggy, old, unsecure scripts. But hey, blame the hosting company, it's easier

          1. MJI Silver badge

            Re: My site was hacked once

            Pure HTML

            Password was what was given to me

  4. Anonymous Coward
    Anonymous Coward

    How many of them had google ads?

  5. WibbleMe

    I blame cheap Reseller hosting, we have an account with one of the largest ones in the UK and they want £5 per account for a weekly virus scan, we have 400 accounts and pay for the Reseller Hosting £40 a month +VAT we change customers £5 a month for Hosting and Email. How may infected sites do we have probably 10-30 but we have no way of checking. Other than FTPing the whole site down and scanning it.

    1. Anonymous Coward
      Anonymous Coward

      I get free virus scans; but monitoring a site to see if it's emitting nastyware costs $5/month. You don't need to be looking after many sites before that turns into "nah, fuck it...I'll risk it and it's about time for a backup" money.

    2. Anonymous Coward
      Anonymous Coward

      > I blame cheap Reseller hosting

      Why? The hosting's not the problem, is it? It's all the fire-and-forget copies of Wordpress and Joomla that have been uploaded, then forgotten about, or deliberately not updated.

      > they want £5 per account for a weekly virus scan

      Sounds reasonable. Virus scans are time-consuming and can be process-intensive. Or do you think server time is free because you've paid £3 a month to host a bazillion crud web sites?

      > How may infected sites do we have probably 10-30

      Incredible. You're actually part of the problem, yet your attitude towards the whole things is just so blase it's incredible.

      1. WibbleMe

        I agree I am but I am also an employee and have a boss like the one from the IT crowd.

        Each accounts has its own FTP and a 30 day lock out so 400 accounts with a limit of 1 FTP connection, thanks to reseller restraints means its 30 mins a download, I have to make money my making new websites. 98% are WordPress we do allow automated updates but there are sites where we cant even do basic htaccess protection because the clients using 3'd part software to do marketing etc.

        We do have more premium servers for ecommerce etc that run on Cpanel/WHM and they do get a daily virus scan.

    3. That_Guy

      You're being gouged.

  6. Stevie

    Bah!

    Must remember to git me some o' them thar "interstitials".

    Stupid marketerspeek drone.

  7. John Smith 19 Gold badge
    Big Brother

    Today we monitor.

    Tomorrow we control.

    All your revenue belong to us.

  8. Maty

    Um ... why does the picture that goes with this article show a bunch of ancient Spartans and Athenians? (Spartans because that upside down V is a Lambda, for 'Lacedaemonia', and Athenians because the other shields have Athena's owl.)

    As far as I know neither ancient civilization had any problems with their web servers.

    Trojans? Nope, those aren't Trojans.

  9. Aaron 10

    I always try and determine who the admin is and email them when I find some new malware or phishing attempt. Of all the times I've emailed someone about their site being used to host badware, I've never once received a reply. Oh well, it's not my bandwidth bill.

  10. David Pollard

    NHS is still being hacked

    A quick Google search with [site:nhs.uk paypal viagra] brings up a few hacks. El Reg first carried a report of the NHS site's apparent insecurity almost three years ago.

    Here's an example:

    http://www.sct.nhs.uk/order-cialis-from-india/

    and the Google cache in case it gets fixed quickly for once:

    http://webcache.googleusercontent.com/search?q=cache:e0elKN-q6jMJ:http://www.sct.nhs.uk/order-cialis-from-india/%2Bsite:nhs.uk+paypal+viagra&gbv=1&hl=en&ct=clnk

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like