Web servers increasingly targeted by hackers
February 6, 2007
On average, a Web server connected to the Internet will be attacked by hackers about 92 times an hour, according to a new report published by the James Clark School of Engineering at The University of Maryland. The study reveals that hack attacks now occur at a near-constant rate and are growing at an alarming rate.
The research, conducted by assistant professor Michel Cukier, profiled the behavior of brute force hackers to determine which usernames and passwords are tried most often, and what hackers do when they gain access to a server.
"On any given day, the majority of these server attacks employ automated scripts that indiscriminately seek out thousands of servers at a time looking for specific vulnerabilities or security holes," Cukier said.
"This data provides quantifiable evidence that attacks are happening all the time to Web servers. On average, the machines in our study were attacked over 2,244 times a day."
Cukier and two of his graduate students, Daniel Ramsbrock and Robin Berthier, set up weak security on four Linux servers, and recorded what happened as the individual machines were attacked.
The vast majority of hack attacks came from relatively unsophisticated people using 'dictionary scripts', a type of software that runs through lists of common usernames and passwords attempting to break into a server.
'Root' was the top username guessed by dictionary scripts, and was attempted twelve times as often as the second-place 'admin'.
Successful root access would open the entire server to the hacker, while 'admin' would grant access to somewhat lesser administrative privileges.
Other top usernames in the hackers' scripts were 'test', 'guest', 'info', 'adm', 'mysql', 'user', 'administrator' and 'oracle'. Cukier advised that all of these should be avoided as usernames.
The researchers found that the most common password-guessing ploy was to re-enter or try variations of the username. Some 43 per cent of all password-guessing attempts simply re-entered the username.
The username followed by '123' was the second most-tried choice. Other common passwords attempted included '123456', 'password', '1234', '12345', 'passwd', '123', 'test' and '1'.
These findings support the warnings of security experts that a password should never be identical or even related to its associated username, according to Cukier.
"The scripts return a list of 'most likely prospect' servers to the hacker, who then attempts to access and compromise as many as possible," he said.
"Often they set up 'back doors', undetected entrances into servers that they control so they can create botnets for profit or disreputable purposes."
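As an added illustration (not code from the study or from this site), the check below shows how an administrator could screen accounts against the usernames and password patterns reported above when an account is created or a password is changed. The function names, the sample accounts and the exact interpretation of "related to the username" are assumptions made for this example.

```python
import re

# Usernames the study reports as most targeted by dictionary scripts.
TARGETED_USERNAMES = {"root", "admin", "test", "guest", "info", "adm",
                      "mysql", "user", "administrator", "oracle"}
# Passwords the study reports as commonly attempted.
COMMON_PASSWORDS = {"123456", "password", "1234", "12345", "passwd",
                    "123", "test", "1"}
# Constructed sample accounts (not data from the study).
SAMPLE_ACCOUNTS = [("root", "root"), ("alice", "alice123"),
                   ("oracle", "Oracle2007!"), ("carol", "x9$Lq-Tr!vz2")]


def audit_credentials(username, password):
    """Return a list of findings; an empty list means no pattern matched."""
    findings = []
    user = username.strip().lower()
    pwd = password.lower()
    if user in TARGETED_USERNAMES:
        findings.append("targeted-username")
    if pwd in COMMON_PASSWORDS:
        findings.append("common-password")
    if user and pwd == user:
        findings.append("password-equals-username")
    elif user and pwd == user + "123":
        findings.append("password-is-username-123")
    elif user:
        # Assumption: "related to the username" means the username or its
        # reverse appears inside the password, or removing digits and
        # punctuation from the password leaves only the username.
        core = re.sub(r"[^a-z]", "", pwd)
        if (len(user) >= 3 and (user in pwd or user[::-1] in pwd)) or core == user:
            findings.append("password-derived-from-username")
    return findings


def audit_accounts(accounts):
    """Map each flagged username to its findings for a (user, password) list."""
    report = {}
    for username, password in accounts:
        findings = audit_credentials(username, password)
        if findings:
            report[username] = findings
    return report
```

Calling `audit_accounts(SAMPLE_ACCOUNTS)` flags the first three constructed accounts and leaves the fourth out of the report.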