Australian web servers have been getting a proper grilling from a defacer who seems bent on bringing poor security policies to the attention of the masses.

Since the defacer known as L4m4 began his campaign at the end of last month, he has notched up 48 .au defacements.

Starting off with moloneyandpartners.com.au on 28 June, he left a message reading: "This is the first example of the lack of company focus in Australian IT security. Why is it that sys admins so often practise security by obsecurity?"

He continued: "I ask the Australian business community to step up their focus in their security procedures, or you will be next. No, your IT guy who you have trusted for so many years has no idea when they tell you that your web server is, 'safe as houses, mate' [sic]." He signed the message L4m4 Haxor and added the slightly cryptic, "WAKE UP WE ARE ALREADY BEHIND", which may imply that L4m4 is an Aussie himself.

Over the last seven days L4m4 has hit a further 47 Australian sites, the latest being duplex.com.au, which was defaced yesterday with the message: "0wned by L4m4. Once again really BAD Australian server security!! Your Security is only as good as your staff. L4m4."

All the targeted sites are running Windows NT and IIS webserver and some don't appear to have been fixed yet.

Although a number of the sites attacked seem to be patched against the notorious Unicode flaw, there have been a number of vulnerabilities recently which administrators have obviously not guarded against.