LOG IN
Find MentorsFind FreelancersCommunity PostBlog
SIGN UP
LOG IN
Codementor Events
Jason (iDoAWS)
Follow
Cloud Solutions Architect specializing in AWS emergency support, scaling, automation, security & migrations.

Yes, the Internet is a War Zone

Published Jul 14, 2017
Yes, the Internet is a War Zone

Here's a sample report of the numbers and types of attacks a server that gets about 400k requests/day experience...at least, it did before I blocked about 200 countries (the service is very specific to the US/CA/UK).

This report covers a 9 days period. It only covers web based attacks and not attacks on other ports or brute force attacks.

 512,815 SQL Injection Attack Detected via libinjection
   6,567 Remote Command Execution: Windows Command Injection
   1,394 Detects conditional SQL injection attempts
   1,349 HTTP Response Splitting Attack
   1,268 IE XSS Filters - Attack Detected. 
    922 NoScript XSS InjectionChecker: HTML Injection
    909 XSS Attack Detected via libinjection
    838 Request Missing a Host Header
    561 Remote Command Execution: Unix Shell Expression Found
    516 XSS Filter - Category 4: Javascript URI Vector
    286 Node-Validator Blacklist Keywords 
    219 XSS Filter - Category 3: Attribute Vector
    164 Inbound Anomaly Score Exceeded (Total ...) ...
     90 Path Traversal Attack (/../)
     73 Remote Command Execution: Windows FOR/IF Command Found
     62 Host header is a numeric IP address
     62 Found User-Agent associated with security scanner
     61 URL Encoding Abuse Attack Attempt
     52 Remote Command Execution: Direct Unix Command Execution
     44 Remote Command Execution: Unix Command Injection
     34 Detects concatenated basic SQL injection and SQLLFI attempts
     30 HTTP Request Smuggling Attack
     28 SQL Injection Attack: Common DB Names Detected
     25 Restricted File Access Attempt
     22 Detects MySQL and PostgreSQL stored procedure/function injections
     21 OS File Access Attempt
     15 NoScript XSS InjectionChecker: Attribute Injection
     14 US-ASCII Malformed Encoding XSS Filter - Attack Detected.
     13 XSS Filter - Category 1: Script Tag Vector
     13 URL file extension is restricted by policy
     11 PHP Information Leakage
     11 Correlated Successful Attack Identified: (Total ...) ...
     10 Remote Command Execution: Unix Shell Code Found
     10 PHP Injection Attack: High-Risk PHP Function Call Found
      9 mysql SQL Information Leakage
      9 Looking for basic sql injection. Common attack string for mysql, oracle and others.
      9 Detects MSSQL code execution and information gathering attempts
      8 Method is not allowed by policy
      7 PHP Injection Attack: Configuration Directive Found
      7 Directory Listing
      4 POST request missing Content-Length Header.
      3 postgres SQL Information Leakage  
      2 PHP source code leakage
      2 PHP Injection Attack: Serialized Object Injection
      2 Multiple/Conflicting Connection Header Data Found.
      2 HTTP Header Injection Attack via payload (CR/LF and header-name detected)
      1 Outbound Anomaly Score Exceeded (score 13): PHP source code leakage
      1 GET or HEAD Request with Body Content.
      1 Empty User Agent Header

Maybe it's time for you to have a security audit?? 😃

Security softwareInternetServerAttackAuditing
Report

Enjoy this post? Give Jason (iDoAWS) a like if it's helpful.

post comments
Jason (iDoAWS)
Cloud Solutions Architect specializing in AWS emergency support, scaling, automation, security & migrations.
I put out production cyber fires over donuts and camp fires. Polyphasic sleeper serving all timezones. Provider of live-help in real-time via video conference for technologies I have mastered and problems no one else can solve. ...
Follow
Discover and read more posts from Jason (iDoAWS)
get started
post commentsBe the first to share your opinion
MarkdownGitHub flavored markdown supported
submit
Show more replies