More than 2,500 web servers every day are being hacked, reveals a report.
The war in Iraq prompted many website attacks
The survey by Zone-H revealed that web server attacks and website defacements grew by 36% during 2004 when almost 400,000 incidents were recorded.
The attacks include 49 separate sorties against US military servers and huge numbers of website defacements carried out during organised hacking sprees.
The research revealed that Christmas holidays are a very popular time for malicious hackers to attack sites.
The figures were collated by Zone-H - a web-based organisation that uses a world-wide network of volunteers to spot and investigate web server attacks and site defacements.
Typically defacements involve making the public facing pages of a website display a message showing which malicious hacker or group is responsible.
Website defacements were the most popular form of attack and made up the majority of the 392,545 recorded incidents.
"Defacement is just one option for an attacker," said Roberto Preatoni, Zone-H co-ordinator. "In most circumstances the techniques used by defacers are the same techniques used by serious criminals to cause more serious damage."
Spikes in attacks are tied to the school calendar
Attacks involve penetrating a site, sometimes for criminal ends, to get at the information it holds.
The report found that more than half of all attacks and defacements, 55%, succeeded by exploiting a known bug or vulnerability or an administration mistake.
Code to exploit these loopholes often appears soon after software makers publicly warn about their existence. However, many hacking groups exchange information about bugs in software long before they are publicly acknowledged.
Administration mistakes involve using easily guessable or crackable passwords. Many net server administrators forget or do not know about unused systems on a computer that can accidentally give attackers a way in.
The statistics also gather information about why hacking groups mount such attacks. Many simply do it for fun, others as a way to compete with other groups to set records for the most high-profile site attacked and a few do it to make a political point.
The figures show that the many incidents occur on the anniversaries of the start of the most recent war in Iraq when both pro-Muslim and pro-American groups defaced sites.
The survey also found that the long holidays around Christmas provoke a spike in attacks and incidents. The frequency of attacks also dips around the time that schools re-open suggesting that many teenagers are behind the defacements.
In the three years since Zone-H was set up the organisation has logged details of almost one million attacks.
The survey was produced to coincide with the start of the Infosecurity Europe show which takes place at Olympia in London from 26-28 April 2005.