Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC Webhoneypot: Attack By Type Report

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

We currently use a set of regular expressions to determine the type of attack used to attack the honeypot. Below, you will find two tables. One lists the top 30 attacks for the last month, the other table the top attacks for the last 24 hrs. (Thanks Eric Conrad for providing the regular expressions and the script to categorize the attacks)

Last 30 days

11065No match
1645Generic "=http://" RFI attempt
278Generic index.php RFI
221Generic mosConfig_absolute_path RFI
157GET /
127Falcon Series One errors.php RFI2007-6488
122doceboCMS RFI exploit
111Generic fclicksql RFI
110Generic POST proxy attempt
100PHP Form Mail RFI2005-0678
95Generic sourcedir=http:// RFI2007-4283
80Weblogicnet es_desp.php files_dir RFI2007-4715
69Generic Directory Traversal Attempt
63robots.txt access
53Generic hex-encoded "=" http: RFI attempt
46Generic PHPbb RFI
42Generic GET proxy attempt
41Generic ?include_path=http:// RFI DOCUMENT_ROOT RFI
37AppServ RFI2006-0125
32Generic ftp: RFI attempt
32phpJobScheduler installed_config_file RFI2006-5929
31Generic hex-encoded "://" http RFI attempt
30TECHNOTE body_default.php shop_this_skin_path RFI2009-0441
29WEB//NEWS parser.php WN_BASEDIR RFI2006-5100
27ACal embed/day.php path Parameter RFI2006-2261
27Advanced Poll Multiple include_path RFI2003-1179
26Generic PHP mosConfig_live_site RFI
26Claroline RFI2005-1377
24XOOPS mod_gallery RFI2008-0138

Last 24 hrs