Identify

We non-intrusively search the entire Internet for insecure, infected, leaking or phishing websites.

Notify

We then notify the website owners of the insecurity.

Educate

We educate the website owners of remedial actions while also educating the public on where to find best practices.

Insecure, infected, leaking and phishing websites impact everyone.

Not only are these websites bad for their owners they also impact the website's customers, other websites and everyone who uses the web! Depending on the problem with the website:

• The credibility of your website and the Internet in general is slightly diminished.
• The website owner can lose valuable information to hackers and competitors.
• The website owner's internal computer systems could also be compromised.
• Customers who visit the website could get infected with a virus, keylogger, Trojan or other badware.
• Customers who visit the website could get misleading information or be completely redirected to other websites. The hacker effectively takes advantage of the websites credibility in order to gain advertising power. The website owner then pays for the hackers bandwidth and server resources by hosting the unscrupulous advertisements for the hacker.
• Compromised websites can be made slaves to other nefarious activities such as spamming, extortion, botnet support and hiding hacker IP addresses from other victims.

Clearly we must be concerned about insecure, infected and leaking websites.

Insecure websites are very common.

We're gathering more data, but preliminary analysis shows that hundreds of thousands of websites have already been compromised, millions of websites contain insecure software and configurations, and nearly every website has been scanned for vulnerabilities by hackers. Looking at just websites that show vulnerability through malware infection, about 1 in every 150 websites have been hacked.
There are lots of reasons for insecure websites, but the primary reason seems to be lack of understanding about how easy it is to have an insecure website. Some other reasons include:

• People are not upgrading their website software packages once they install them.
• Poor website programming practices.
• Use of easy to guess passwords.
• Incorrect server configuration.
• Most servers do not utilize application, server, or database firewalls. Anti-virus software does not help webservers.

It's not easy to make a website hacker-proof. A determined hacker can usually succeed (even high-technology companies are hacked). However, blatant security gaps have a high chance of impacting your business, your customers and other websites on the Internet.
  How they hack your website.
  Simple security things to check on your website.
  Technical list of things to verify on your web server.

Website threats are everywhere.

The amount of hacking is increasing. Hackers are finding ways to profit from hacking and thus their efforts are increasing. They are using your hacked websites to sell competitive information, steal customer information, steal technology and lay the framework for further attacks and possible control of your systems.
The amount of hacking related information available on the web is increasing too, thereby increasing the potency and quantity of attacks and hackers.

We're helping out.

Our mission is to non-intrusively identify every compromised, easily hackable and leaking website, inform their owners of the issues and then educate them (and the public) on how to resolve and prevent security issues with their websites.
We do not attempt to hack any website. We only look at publicly available information to determine if there is an issue. Because of this approach, we can not determine if a website is not hackable. Also, by looking at publicly available information we are only able to determine the applicability of certain types of attacks. However, since this information is publicly available we have the same bulk of information that hackers have. We can use this knowledge to your advantage and let you know what the hackers know. The ironic thing is that even though this information is publicly available, most companies don't know about it. Without RescueTheWeb and some education most companies would not know their websites are hacked or are easily hacked.

We're looking for your help.

Watching over all the websites out there is a lot of work. If you would like to help out please contact us.
  To report a security issue you found with a website then please email us at
  To become a corporate sponsor or partner then please email us at

[1] By 'hacker' we mean a person who breaks computer security without authorization or uses technology (usually a computer, phone system or network) for vandalism, credit card fraud, identity theft, piracy, or other types of illegal activity. (Wikipedia article on the topic can be found here.)