During the month of June the following information was obtained from Glastopf installations worldwide
Geographical spread
10 most popular injected files during the period
Short introduction to RFI:
“Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.”
During the month of April the following information was obtained from Glastopf installations worldwide
Number of alerts for the period: 1325919
Filenames (RFI) - 10 most common during the period:
Specifically newsworthy event: Ping back
pingback.ping, which is a legit WordPress feature, is misused to DoS victims using legit WordPress sites.
URL describing the issue: http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html
Method:
pingback.ping http://victim.com www.anywordpresssite.com/postchosen
Extent:
We started monitoring this event late in the month. But even so, the top 10 victim sites were hit with a total of 13441 requests.
During the month of May the following information was obtained from Glastopf installations worldwide
Number of alerts for the period: 1859863
Filenames (RFI) - 10 most popular during the period:
Ping back
pingback.ping, which is a legit WordPress feature, is misused to DoS victims using legit WordPress sites.
URL describing the issue: http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html
Method:
pingback.ping http://victim.com www.anywordpresssite.com/postchosen
Extent:
During May we collected 37705 pingback.ping requests targeting various sites. This month it was sites that were facilitating DDoS attacks that were in focus, most likely from competition.
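The per-victim counts given under "Extent" in the April and May reports can be derived from captured XML-RPC request bodies, as in the following added example (not code from Glastopf or from the original report). It assumes the honeypot's POST bodies are available as strings; the function names, the size cap and the sample hosts are constructed for illustration.

```python
import xmlrpc.client
from collections import Counter
from urllib.parse import urlsplit

MAX_BODY = 8192  # assumed cap: a pingback call is tiny, so skip oversized bodies

def pingback_victim(body):
    """Return the host a pingback.ping call asks the blog to fetch, or None."""
    if len(body) > MAX_BODY:
        return None
    try:
        params, method = xmlrpc.client.loads(body)
    except Exception:  # malformed XML, non-XML-RPC data, or a fault response
        return None
    if method != "pingback.ping" or len(params) != 2:
        return None
    source_uri = params[0]  # first parameter: the URL the blog will request
    if not isinstance(source_uri, str):
        return None
    if "://" not in source_uri:  # tolerate scheme-less values
        source_uri = "//" + source_uri
    try:
        return urlsplit(source_uri).hostname  # lower-cased, port stripped
    except ValueError:
        return None

def top_victims(bodies, n=10):
    """Tally reflected targets across captured request bodies."""
    hosts = (pingback_victim(b) for b in bodies)
    return Counter(h for h in hosts if h).most_common(n)

def _call(source, target, method="pingback.ping"):
    # Builds a constructed sample body; this is not captured traffic.
    return xmlrpc.client.dumps((source, target), methodname=method)

SAMPLE_BODIES = [  # constructed sample input
    _call("http://victim-a.example/", "http://blog1.example/?p=1"),
    _call("http://victim-a.example/page", "http://blog2.example/?p=7"),
    _call("http://VICTIM-B.example:8080/", "http://blog1.example/?p=1"),
    _call("http://x.example/", "http://blog1.example/", "system.listMethods"),
    "<methodCall><methodName>pingback.ping</methodName>",  # truncated body
    "a=1&b=2",  # form data, not XML-RPC
]

if __name__ == "__main__":
    for host, hits in top_victims(SAMPLE_BODIES):
        print(f"{hits:6d}  {host}")
```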
UPDATE: the log data is posted here. A notification group about new log sharing is here.
This WASL 2009 workshop reminded me that I always used to bitch that some academic researchers use antediluvian data sets for their research (Lincoln labs 1998 set used in 2008 “security research” makes me want to just curse and kick people in the balls, then laugh, then cry, then cry more…).
However, why are they doing it?