Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Webhoneypot: Attack By Type Report - SANS Internet Storm Center Webhoneypot: Attack By Type Report

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

We currently use a set of regular expressions to determine the type of attack used to attack the honeypot. Below, you will find two tables. One lists the top 30 attacks for the last month, the other table the top attacks for the last 24 hrs. (Thanks Eric Conrad for providing the regular expressions and the script to categorize the attacks)

Last 30 days

11065No match
1645Generic "=http://" RFI attempt
278Generic index.php RFI
221Generic mosConfig_absolute_path RFI
157GET /
127Falcon Series One errors.php RFI2007-6488
122doceboCMS RFI exploit
111Generic fclicksql RFI
110Generic POST proxy attempt
100PHP Form Mail RFI2005-0678
95Generic sourcedir=http:// RFI2007-4283
80Weblogicnet es_desp.php files_dir RFI2007-4715
69Generic Directory Traversal Attempt
63robots.txt access
53Generic hex-encoded "=" http: RFI attempt
46Generic PHPbb RFI
42Generic GET proxy attempt
41Generic ?include_path=http:// RFI DOCUMENT_ROOT RFI
37AppServ RFI2006-0125
32phpJobScheduler installed_config_file RFI2006-5929
32Generic ftp: RFI attempt
31Generic hex-encoded "://" http RFI attempt
30TECHNOTE body_default.php shop_this_skin_path RFI2009-0441
29WEB//NEWS parser.php WN_BASEDIR RFI2006-5100
27ACal embed/day.php path Parameter RFI2006-2261
27Advanced Poll Multiple include_path RFI2003-1179
26Generic PHP mosConfig_live_site RFI
26Claroline RFI2005-1377
24Spaw Editor spaw_control.class.php RFI2007-3237

Last 24 hrs