[Honeypot Alert] Status Report for January 2012
Monthly Web Honeypot Status Report
We have received a tremendous amount of positive feedback on our web-based honeypot alert blog posts. While we agree that this data is useful for raising awareness of individual attack details, we feel that what was missing was information on scale. Specifically, how many of each type of attacks are we seeing. The goal of these new monthly blog posts will be to provide some context on the web attack trends we are seeing in hopes that this will aid organization with determining attack likelihood.
Reporting Period: January 2012
Number of Web Honeypot Sensors: 69
Total Number of Attacks Seen for January 2012: 468194
Attack Types per Month
The overall number of attacks seen did decrease from 646973 in December 2011 down to 468194 in January 2012 (a 27% reduction).
Example Attack Trends
Timthumb Attacks
The overall volume of Timthumb injection attacks dropped significantly from what we saw in December 2011 (down 67%) however with ~144k attacks still seen it is by no means a sporadic attack vector.
Remote File Inclusion (RFI) Attacks
RFI attacks also decreased significantly from December 2011 to January 2012 (down 86%).
Local File Inclusion (RFI) Attacks
While Timthumb and RFI attack traffic was trending down, LFI attacks increased dramatically up 671% from December 2011.
Attacker Source Trends
Total Number of Unique Attack Sources: 2100
Top 10 Attacker Sources
| Hostname | Country Code | Country Name | Region | Region Name | City | ISP | Organization |
|---|---|---|---|---|---|---|---|
| 46.105.107.98 | FR | France | Ovh Systems | OVH SAS | |||
| 188.121.60.63 | NL | Netherlands | Go Daddy Netherlands B.V. | Go Daddy Netherlands B.V. | |||
| 91.218.229.49 | RU | Russian Federation | Internet-Hosting Ltd | Internet-Hosting Ltd | |||
| 208.115.216.122 | US | United States | TX | Texas | Dallas | Limestone Networks | Limestone Networks |
| 69.167.178.92 | US | United States | MI | Michigan | Lansing | SourceDNS | SourceDNS |
| 212.227.87.42 | DE | Germany | 1&1 Internet AG | 1&1 Internet AG | |||
| 188.165.217.226 | FR | France | Ovh Systems | OVH SAS | |||
| 174.37.9.114 | US | United States | TX | Texas | Dallas | SoftLayer Technologies | Joylab.ca |
| 74.208.180.119 | US | United States | PA | Pennsylvania | Wayne | 1&1 Internet | 1&1 Internet |
| 173.236.47.66 | US | United States | IL | Illinois | Chicago | SingleHop | JDI - JustHost Web and Backup Servers |