Global Glastopf statistics for June 2014

08 Aug 2014 Mikael Keri glastopf logs reports statistics
During the month of June the following information was obtained from Glastopf installations worldwide Geographical spread 10 most popular injected files during the period Short introduction to RFI: “Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation.

Global Glastopf statistics for April 2014

16 Jul 2014 Mikael Keri glastopf logs report statistics
During the month of April the following information was obtained from Glastopf installations worldwide Number of alert for the period: 1325919 Filenames (RFI) - 10 most common during the period: Specifically newsworthy event: Ping back” pingback.ping, which is a legit WordPress feature is misused to DoS victims using legit WordPress sites. URL describing the issue: http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed- denial-of-service-attack.html Method: pingback.pinghttp://victim.com www.anywordpresssite.com/postchosenparam>' Extent: We started monitoring this event, late into the month. But even so, the top 10 victim sites was hit with a total of 13441 requests.

Global Glastopf statistics for May 2014

16 Jul 2014 Mikael Keri glastopf logs reports statistic
During the month of May the following information was obtained from Glastopf installations worldwide Number of alert for the period: 1859863 Filenames (RFI) - 10 most popular during the period: Ping back pingback.ping, which is a legit WordPress feature misused to DoS victims using legit WordPress sites. URL describing the issue: http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html Method: pingback.pinghttp://victim.comwww.anywordpresssite.com/postchosen' Extent: During may we collected 37705 pingback.ping request targeting various sites. This month it were sites that was facilitating DDoS attacks that was in focus, most likely from competition.

Free Honeynet Log Data for Research

26 Jun 2009 Anton Chuvakin data honeynet honeypot linux logging logs research security
UPDATE: the log data is posted here. A notification group about new log sharing is here. This WASL 2009 workshop reminded me that I always used to bitch that some academic researchers use antediluvian data sets for their research (Lincoln labs 1998 set used in 2008 “security research” makes me want to just curse and kick people in the balls, then laugh, then cry, then cry more…). However, why are they doing it?