Common Web Attacks. A quick 404 project update

Published: 2011-08-05
Last Updated: 2011-08-05 15:49:45 UTC
by Johannes Ullrich (Version: 1)
5 comment(s)

We are now collecting for about a week now, and I think it is time to give everybody a quick update on the project. Thanks to all the submissions so far. We do have some initial results, just not enough to automate the reports quite yet. But there are now clients for perl, python and ASP! (thanks to the contributors)

Some of the most common scans target:

  • Word Press. We do have a good number of reports joing for wp-login.php. 
  • PHPMyAdmin (/phpmyadmin/scripts/setup.php )
  • MediaWiki/Wiki (but these hits only come from a few submitters, may not be statistically significant yet)

And some frequently requested files that are likely not an attack:

  • robots.txt - search engines will look for it. You should have the file to control well behaved search engines. Just don't use it to list secret / restricted pages ;-)
  • apple-touch-icon files (there are a number of different once for different resolutions). This is just like a "favicon", but used by Apple's IOs devices. With them being more and more popular, you may want to set one up.
  • crossdomain.xml - this file is used by flash and Silverlight to communicate your cross domain policies. We have talked about the file before. It is a good idea to have an empty one that restricts access (this is the default for up to date flash players)

Please keep the reports coming and please install the "client code" on your error page if you haven't yet. Once you installed it, you can verify if your submissions are working after logging in and projecting to the 404 report page.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: 404 project
5 comment(s)
Diary Archives