July 2007 survey of the Insecure Belgian server landscape
According to a study of securityspace.com it counted in july more or less 156.000 servers in Belgium hosting under the .Be domain.
75% of those are Apache server and this since 1999. Even with 2003 Microsoft haven't changed this evolution.
This means that any attack against Apache servers can be used against 75% of all servers in Belgium. Taken into consideration that Apache has not the same update mechanism as Microsoft and leaves the administrators enormous possibilities to make mistakes it is no wonder that Apache servers make up more than 80% of all servers hacked in Belgium.
If one looks than the number of II6 servers has gone up dramatically the last 2 years to around 24.000 but there are still around 7000 IIS5 servers around. These administrators should be snow whites that don't need a kiss but a slap in the face and give an apple of death to their old server. There is no way you can keep much longer an IIS5 secure enough. There are even 323 IIS 4 servers on the Belgian domain.
The Apache landscape is much diffuser and most of them even don't really publish the version they are running. This can be good security politics but it doesn't change anything about the securityholes itself in the server.
For example there are still 11,391 Apache 1.33 on the .be webdomein but if you Google for exploits against this server you can find a whole list.
The study is not very complete and does not pretend to be but it gives a snapshot of how insecure the basic infrastructure of the Belgian web is.
What you should do ? Be sure that you take a professional hoster that guarantees that his servers are defended, upgraded, watched after and taken care of. Don't be a monkey and leave the peanuts for real monkeys.
It is time to have an independent auditor that gives a seal of security and professionality to hosting services. Just as any other business in Belgium is submitted to audits and controls. Even the real-estate market nowadays....