Global Glastopf statistics for May 2014

16 Jul 2014 Mikael Keri glastopf logs reports statistic

During the month of May the following information was obtained from Glastopf installations worldwide

Number of alert for the period: 1859863

Filenames (RFI) - 10 most popular during the period:

Ping back

pingback.ping, which is a legit WordPress feature misused to DoS victims using legit WordPress sites.

URL describing the issue: http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html

Method:

pingback.pinghttp://victim.comwww.anywordpresssite.com/postchosen'

Extent:

During may we collected 37705 pingback.ping request targeting various sites. This month it were sites that was facilitating DDoS attacks that was in focus, most likely from competition.

Top pick from list of requested resources

And ..

This was a small excerpt from the collected data. I hope this encouraged you to continue to have hpfeeds enabled (or to enable it, if you have turned it off) on your honeypot/honeypots as the data gives a very valuable insight into current threats globally.

System reference:

“Glastopf is a Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: Reply the correct response to the attacker exploiting the web application.”

For more information please visit:
http://www.glastopf.org/index.php or https://github.com/glastopf/glastopf

All data was collected using hpfriends, for more information please visit: http://hpfriends.honeycloud.net/