Yes, the Internet is a War Zone

Published Jul 14, 2017

Here's a sample report of the numbers and types of attacks that a server receiving about 400k requests/day experiences... at least, it did before I blocked about 200 countries (the service is very specific to the US/CA/UK).

This report covers a 9-day period. It covers only web-based attacks, not attacks on other ports or brute-force attacks.

 512,815 SQL Injection Attack Detected via libinjection
   6,567 Remote Command Execution: Windows Command Injection
   1,394 Detects conditional SQL injection attempts
   1,349 HTTP Response Splitting Attack
   1,268 IE XSS Filters - Attack Detected. 
    922 NoScript XSS InjectionChecker: HTML Injection
    909 XSS Attack Detected via libinjection
    838 Request Missing a Host Header
    561 Remote Command Execution: Unix Shell Expression Found
    516 XSS Filter - Category 4: Javascript URI Vector
    286 Node-Validator Blacklist Keywords 
    219 XSS Filter - Category 3: Attribute Vector
    164 Inbound Anomaly Score Exceeded (Total ...) ...
     90 Path Traversal Attack (/../)
     73 Remote Command Execution: Windows FOR/IF Command Found
     62 Host header is a numeric IP address
     62 Found User-Agent associated with security scanner
     61 URL Encoding Abuse Attack Attempt
     52 Remote Command Execution: Direct Unix Command Execution
     44 Remote Command Execution: Unix Command Injection
     34 Detects concatenated basic SQL injection and SQLLFI attempts
     30 HTTP Request Smuggling Attack
     28 SQL Injection Attack: Common DB Names Detected
     25 Restricted File Access Attempt
     22 Detects MySQL and PostgreSQL stored procedure/function injections
     21 OS File Access Attempt
     15 NoScript XSS InjectionChecker: Attribute Injection
     14 US-ASCII Malformed Encoding XSS Filter - Attack Detected.
     13 XSS Filter - Category 1: Script Tag Vector
     13 URL file extension is restricted by policy
     11 PHP Information Leakage
     11 Correlated Successful Attack Identified: (Total ...) ...
     10 Remote Command Execution: Unix Shell Code Found
     10 PHP Injection Attack: High-Risk PHP Function Call Found
      9 mysql SQL Information Leakage
      9 Looking for basic sql injection. Common attack string for mysql, oracle and others.
      9 Detects MSSQL code execution and information gathering attempts
      8 Method is not allowed by policy
      7 PHP Injection Attack: Configuration Directive Found
      7 Directory Listing
      4 POST request missing Content-Length Header.
      3 postgres SQL Information Leakage  
      2 PHP source code leakage
      2 PHP Injection Attack: Serialized Object Injection
      2 Multiple/Conflicting Connection Header Data Found.
      2 HTTP Header Injection Attack via payload (CR/LF and header-name detected)
      1 Outbound Anomaly Score Exceeded (score 13): PHP source code leakage
      1 GET or HEAD Request with Body Content.
      1 Empty User Agent Header

Maybe it's time for you to have a security audit?? 😃
