Three in four phishing sites are hosted on compromised servers, according to a new survey.

A study of 2,486 fraudulent websites found that 76 per cent were housed on hacked webservers, typically pwned after hackers identified well-known vulnerabilities using search engine queries. Free web hosting for fraudulent websites was used in just 17.4 per cent of cases.

The paper, called Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing, by security researchers Tyler Moore and Richard Clayton, also found that a sizeable minority of compromised systems were serial victims of attack.

One in five (19 per cent) were hit again less than six months after a phishing-related hack attack. That's because legitimate owners might turf out fraudsters from their systems but they often fail to fix underlying vulnerabilities that let them in.