Hacker-tracking site throws in the towel

After five years of keeping tabs on digital graffiti, security resource site Attrition.org will no longer update its archive of Web pages defaced by vandals. It just can't keep up.
Written by ZDNET Editors, Contributor on
While e-business may have slumped, online vandalism has been booming, according to Attrition.org.

On Monday, the nonprofit security site announced its decision to stop tracking the defacement of Web pages by online vandals because the volunteer staff can no longer keep up with the volume of defacements.

"We've served our time," staff member Brian Martin said in an open letter to the security community posted on the site. "With the rapid increase in Web defacement activity, there are times when it requires one of us to take mirrors for four or five hours straight to catch up."

"Taking a mirror" refers to copying the code of a tagged page to preserve a facsimile of it in Attrition's archive.

Attrition.org is home to what is perhaps the most complete archive of tagged Web pages on the Internet, stretching back more than five years.

When online vandals deface a site, they typically tip off Attrition, which then confirms the defacement by going to the tagged page itself, copies the page, and puts it in the archive.

However, what started as a way to track what was happening around the Web has become a second full-time job for many Attrition volunteers, the letter said.

In 1995, Attrition started tracking the occasional digital graffiti. But today more vandals with more automated tools have caused defacements to balloon out of control. On several days in the last month, for example, more than 100 Web sites--three times the total for the years 1995 and 1996 combined--were defaced by vandals, according to the letter.

By tracking the defacements, Attrition lent others in the security community insight into which sites and servers were secure and which weren't.

For instance, while the open-source Apache Web server continues to power the majority of Web sites, defacements of sites on Web servers based on Microsoft's Internet Information Server continue to be higher. In fact, a recent IIS 5.0 vulnerability has led to a massive spike in defacements of sites on Windows 2000 servers, according to data from Attrition.

Though it will no longer be updated, the Attrition archive will remain online. Archives, or "mirrors," on other sites will continue to operate, and Attrition will continue to publish statistical data and research culled from other deface mirrors, the letter said.

Editorial standards