20-07-07

Top 10 hosting domains of phishing sites, June 2007

This is according to phishtank.com.

So if you don't need them, just block them (tw is Taiwan, cn is China, io is Indian Ocean). Ru is Russia, but you already know that this is a domain where you had better whitelist the sites instead of trying to filter the bad ones out.

16:28 Posted by technology changes fast not a lot in General

Why it is necessary to monitor your sites permanently on marketing

For some months we have been running a test on urltrends.com. It shows us a lot of graphs for different web-presence services (search engines, blogs, social bookmarks) that indicate the popularity of the website. We came to the conclusion that it is too erratic to be 100% believable, but also that it shows clearly that if you have serious business on the web and don't permanently monitor your web presence, you can be in for some big surprises.

There is no way you could lose more than 8000 links in one month, for example, and there are many more examples like it.

You should also always double-check this kind of tool and service against some others if you want more than voodoo science.

 

16:02 Posted by technology changes fast not a lot in General

July 2007 survey of the Insecure Belgian server landscape

According to a study by securityspace.com, there were more or less 156.000 servers in Belgium hosting under the .be domain in July.

75% of those are Apache servers, and this has been so since 1999. Even with 2003, Microsoft hasn't changed this trend.

This means that any attack against Apache servers can be used against 75% of all servers in Belgium. Taking into consideration that Apache does not have the same update mechanism as Microsoft and leaves administrators enormous possibilities to make mistakes, it is no wonder that Apache servers make up more than 80% of all servers hacked in Belgium.

If one looks closer, the number of IIS6 servers has gone up dramatically over the last 2 years to around 24.000, but there are still around 7000 IIS5 servers around. These administrators should be snow whites that don't need a kiss but a slap in the face, and should give an apple of death to their old server. There is no way you can keep an IIS5 secure enough for much longer. There are even 323 IIS 4 servers on the Belgian domain.

The Apache landscape is much more diffuse, and most of these servers don't even publish the version they are running. This can be good security policy, but it doesn't change anything about the security holes themselves in the server.

For example, there are still 11,391 Apache 1.33 servers on the .be web domain, and if you Google for exploits against this server you can find a whole list.
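The point about hidden versions can be made concrete with a small inventory check for servers you administer. This is an added example, not code from the survey or from this blog; the hostnames, sample banners and the "obsolete" cut-offs are constructed assumptions based on the versions named above.

```python
import re

# Cut-offs taken from the versions the post calls out (IIS 4/5, Apache 1.3);
# treating them as "obsolete" is this example's policy, adjust to your own.
OBSOLETE = {
    "microsoft-iis": lambda v: v[0] <= 5,
    "apache": lambda v: v[:2] <= (1, 3),
}
BANNER_RE = re.compile(r"^\s*([A-Za-z][\w.-]*)(?:/(\d+(?:\.\d+)*))?")

def classify(banner):
    """Return (product, version tuple or None, verdict) for a Server header."""
    m = BANNER_RE.match(banner or "")
    if not m:
        return (None, None, "no-banner")
    product = m.group(1).lower()
    version = tuple(map(int, m.group(2).split("."))) if m.group(2) else None
    if version is None:
        # A hidden version says nothing about patch level: verify on the host.
        return (product, None, "version-hidden")
    rule = OBSOLETE.get(product)
    verdict = "obsolete" if rule and rule(version) else "check-patch-level"
    return (product, version, verdict)

def summarize(rows):
    """Group hostnames by verdict so the follow-up list is explicit."""
    groups = {}
    for host, banner in rows:
        groups.setdefault(classify(banner)[2], []).append(host)
    return groups

# Constructed sample: (host, Server header) pairs from an inventory of
# servers you administer. Hostnames are placeholders.
SAMPLE = [
    ("web1.example", "Microsoft-IIS/6.0"),
    ("web2.example", "Microsoft-IIS/5.0"),
    ("web3.example", "Microsoft-IIS/4.0"),
    ("web4.example", "Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7d"),
    ("web5.example", "Apache"),
    ("web6.example", "Apache/2.0.59 (Unix)"),
    ("web7.example", ""),
]

if __name__ == "__main__":
    for verdict, hosts in summarize(SAMPLE).items():
        print(verdict, hosts)
```

Hosts in the "version-hidden" group are not cleared by this check; their real version has to be read from the package manager or the binary on the machine itself.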

 

The study is not very complete and does not pretend to be, but it gives a snapshot of how insecure the basic infrastructure of the Belgian web is.

What should you do? Be sure that you take a professional hoster that guarantees that its servers are defended, upgraded, watched over and taken care of. Don't be a monkey, and leave the peanuts for real monkeys.

It is time to have an independent auditor that gives a seal of security and professionalism to hosting services, just as any other business in Belgium is subject to audits and controls. Even the real-estate market nowadays....

14:43 Posted by technology changes fast not a lot in General

18-07-07

brutele.be is the reason the New telecom law should be applied

The new telecom law has not been applied as foreseen by the old government, even though the amendments to secure the internet were proposed by one of its own political parties (SPA) and at that time supported by the opposition CDV. These amendments put the responsibility for the security of their infrastructure and that of their clients on the ISPs. Those articles have not been applied or put into practice until now, even though the two responsible ministers, Verwilghen and Vandenbossche, said that they were supporters of the consumers and each had their own laughable pet projects about security on the internet - as other ministers had (too much money and too little strategic thinking).

The list at http://be-hacked.skynetblogs.be now also includes servers that send out spam and viruses, and later we will put servers that are vulnerable on the list. The hacked list will contain not only servers that are hacked but also those that are hackable or vulnerable, or that are known on the internet as malicious zombies or servers.

Trustedsource and the projecthoneypot both identify the infrastructure of brutele.be as one of the weakest links in the security of the Belgian Internet. The number of compromised hosts and servers is too high even for me to continue listing them there. Some are listed as examples, but with both indexes you can find many more.

As on the internet the safety of one depends on the safety of the others, this is a very dangerous situation indeed. All the more so because brutele is not in a little province or commune but on the territory of the capital of Europe, where many national and international institutions and corporations are based. As attacks start with scanning and infecting the points closest to the first victim, this situation can have greater effects on the rest of the infrastructure in Brussels.

So will someone wake up, or is everybody dreaming about the sun in Spain?

13:01 Posted by technology changes fast not a lot in General

I am on a blacklist but I don't care a bit and my ISP neither

While looking through the listings of Belgian servers in blacklists, I found the really strange fact that a lot of them have been blacklisted for a long time and haven't done anything to get themselves removed.

Do they have any knowledge of what the consequences are for an email domain of being blacklisted? It means that your mails will be refused by mail servers all over the world without any notification. For the ISP it means that the IP address is compromised and may not be used by another firm before all complaints and cases about the previous owner are cleaned up.

How would you feel if you got this IP address from your ISP

194.78.193.106

and you found that it has been blacklisted since 2005 without any follow-up?

http://dsbl.org/listing?194.78.193.106

And this is just one example.

You would presume that big ISPs frequently checked those blacklists to be sure that no servers or 'infected' stations of theirs were mentioned in them, and to clean up or follow up on them. You would also presume that a good admin would look into blacklists from time to time to see if his servers are mentioned.

Just to preserve the integrity and value of his domain.

Even more so because most of these incidents seem to be misdirected open-relay tests or single incidents in which the problem is easy to solve. You may rightly say that the example is on an unconfirmed list, but nonetheless it will show up red in many indicators, and that may set off alarms that aren't necessary.
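The routine check an admin or ISP could run against their own addresses, as an added example that is not part of the original post: a DNS blacklist is queried by reversing the IPv4 octets and looking the result up under the list's zone. The zone names under `.example`, the stand-in resolver and its sample answers are constructed assumptions so the code runs offline.

```python
import ipaddress
import socket

# NXDOMAIN-style error codes; EAI_NODATA does not exist on every platform.
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
LISTING_NET = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's DNS zone."""
    addr = ipaddress.IPv4Address(ip)          # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def check_listed(ip, zones, resolve=socket.gethostbyname):
    """Map each zone to 'listed:<code>', 'clean', 'lookup-failed' or 'invalid-answer'."""
    status = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror as exc:
            # "Name does not exist" means not listed; any other error is a
            # resolver problem and must not be read as a clean result.
            status[zone] = "clean" if exc.errno in NOT_FOUND else "lookup-failed"
            continue
        # Real listings answer inside 127.0.0.0/8; anything else usually means
        # a parked or wildcarded zone, so flag it instead of trusting it.
        if ipaddress.IPv4Address(answer) in LISTING_NET:
            status[zone] = "listed:" + answer
        else:
            status[zone] = "invalid-answer"
    return status

# Constructed sample data: a stand-in resolver so the example runs offline.
FAKE_DNS = {"10.2.0.192.list-a.dnsbl.example": "127.0.0.2",
            "10.2.0.192.list-c.dnsbl.example": "203.0.113.7"}

def fake_resolve(name):
    if name.endswith("list-d.dnsbl.example"):
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
    if name not in FAKE_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "name not known")
    return FAKE_DNS[name]

def demo():
    zones = ["list-a.dnsbl.example", "list-b.dnsbl.example",
             "list-c.dnsbl.example", "list-d.dnsbl.example"]
    return check_listed("192.0.2.10", zones, resolve=fake_resolve)

if __name__ == "__main__":
    for zone, state in demo().items():
        print(zone, state)
```

Run against real lists, `check_listed` is called without the `resolve` argument and with the zones of the blacklists you actually care about.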

12:06 Posted by technology changes fast not a lot in General

More servers on be-hacked.skynetblogs.be

We will add new servers on http://be-hacked.skynetblogs.be 

 

The trojan-sending, spam-furnishing hacked servers on the Belgian internet. Is there someone to clean up? Well, we will see. Hope that you are not on this list.

 

We will use FURL to add new servers without investing too much time ourselves in something nobody else seems to care about.

 

As we say. No omerta.

We only use publicly available information on the internet to identify these servers and do no testing ourselves on these servers. You are already blacklisted if you appear on this list.

 

No omerta. Clean up the web.

11:27 Posted by technology changes fast not a lot in General

new list of Belgian hacked sites

It seems some servers with a lot of Belgian domains on them were hacked yesterday. Well, if you don't read any security news and you pretend to be a serious administrator, then you don't know that Apache probably has a big problem now if it is not very well configured, so that one security hole in one site becomes a problem for all the sites installed on the server. It is also clear that some Belgian sites or servers don't care at all that their sites are hacked and still have their hacked pages up and running, some even on the homepage. But as long as it is not a site from the Belgian military or the police, who cares. Let all these hacked servers and sites stay in the hands of the hackers. Let them place viruses, files and other stuff on them, why not? Who cares? Nobody is responsible here for anything on the cyberfront, so why should you care?

And the Belgian cyberpolice is very busy in virtual worlds and giving conferences, blablabla, but cleaning up? So nobody is learning from the MPACK affair, in which normal sites were hacked not for pseudo search engines, not for phishing sites, not to place viruses or illegal files or just to deface a bit, but to add zombies to their botnet. But why would you care if even the cyberpolice doesn't care?

One exceptional thing is that the first user page (from Telenet-) has been hacked, something that is now becoming a plague in the free.fr community in France.

You can find the list as usual on http://be-hacked.skynetblogs.be with the stream from Furl.

Due to security limitations, not all cached pages will show all graphics and effects of the hack, because I have seen that all the normal antimalware software let through a lot of 'heuristic' stuff that was only discovered days later.

An important lesson for real webmasters. Get your own host and get out of shared hosting. If you want to be in the same garage as the most stupid kid on the block, it is your choice, but do not whine afterwards that your online image or business has gone broke because your shared server was owned. You really have to be a very stupid businessman to still have sites on shared hosting if you know that your own host only costs a fraction more. And keep your things secure. Not only for your own business but for all of us. Nobody else will do it for you or will clean up the mess for you afterwards.

On the Belgian web you are on your own. Really. Nobody will halt the attacks and viruses for you before they arrive at your network or server, even if this is a legal obligation in the New Belgian Telecom Law. Maybe Test Achats should go to court (after Sabam) and ask that the ISPs execute the law and do the right thing.

The RSS feed of the only update on defaced sites for the moment (as zone-h.org goes more offline than online and destroys its archive every so many days):

http://www.furl.net/members/mailforlen?topic=hacked

00:09 Posted by technology changes fast not a lot in General