From ArticleWorld

In its malicious sense, a rooter is a cracker who exploits a web server vulnerability to access the root directory of the hosting machine. The term should not be confused with the phonetically similar "router", which is specialized hardware or software that "drives" Internet packets along the network.


There are several reasons why a cracker would attempt such an attack. In general, this is done to create unauthorized accounts, or to access the accounts of other users. It is not uncommon for attackers to interrupt access to files vital for administration in order to prevent the removal of the accounts they create.

The accounts are most often used to distribute warez content, which was a popular method of spreading applications, movies or music when P2P didn't exist. This allowed attackers to use great bandwidth resources that would otherwise be unavailable to them.

Mass-cracking software actually became available, testing web servers for well known vulnerabilities that would allow a rooting attack. The most common targets were systems which weren't very well guarded, like many university servers. This lead to a proliferation of such attacks, making them a main security concern at its times.

These attacks can create quite a serious havoc on the server, often resulting in a ceasing of the service, sometimes for days.

Non-malicious use

Rooting attacks can also be executed for non-malicious purposes. It is somewhat ironic, in fact, that such attacks are required to repair a server that has been subject to exactly the same kind of attack. If the attackers modified the password, a rooting attack is exactly what administrators would try to do in order to repair the system.


Rooting attacks generally exploit quite obvious problems in the source code. Therefore, the general method is simply to keep everything in the system updated, and close down any significant backdoors.