A study of 270 phishing attacks between mid 2009 and this past March found that many of the victims were repeat targets.

The Internet Policy Committee of the Anti-Phishing Working Group began an online survey about 18 months ago that sought input from managers of websites that had been exploited in phishing attacks and other malevolent efforts.

Of the 270 who completed surveys, 37% said they had phishing or spoof sites planted on their Web servers two or more times, which the APWG said speaks to the difficulty of securing an online enterprise.

The most frequently attacked operating system among survey respondents was Linux OS (76%). Attack victims reported that they used Apache as their Web server in 81% of the responses, MySQL as their database application in 81% of the responses, and PHP/Java as their application platform in 82% of responses.

“While we acknowledge that ‘LAMP’–Linux, Apache, MySQL, PHP–is the most popular Web operating environment, the APWG IPC is concerned that this profile is exploited with such apparent frequency,” the industry trade group said in a report.

“Phishers value compromised websites highly because they are much harder for interveners to take down. They’re confident that they’ll be able to identify and exploit sites, and do so repeatedly. Victims are not mitigating exploits entirely or are not implementing adequate measures to keep them away,” said APWG Research Fellow Dave Piscitello of ICANN.