This is the monthly review of my honeypot for April 2015. It is based on data taken from Apache log files. The tool used to optimize the data is mypyfwa.py, which is part of MyPythonApacheFirewall, a project I started on GitHub some time ago.
In its current state, the analyze script extracts requests based on four different types:
- PATH: more than three "/" are used in the request
- SCANNER: one of the blacklisted scanners is used (Zeus, masscan, etc.)
- SHELLinjection: wget or curl was used within the query
- SQLinjection: a string including SQL syntax was used
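A minimal classifier for the four types above, run over constructed log lines. This is an added example, not code from MyPythonApacheFirewall: the log regex, the SQL patterns, the two-entry scanner list and the names `classify` and `summarize` are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Apache common/combined log line; the user-agent field is optional.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]*\] "\S+ (?P<target>\S+)[^"]*" '
    r'\d{3} \S+(?: "[^"]*" "(?P<agent>[^"]*)")?')
SCANNERS = ("zeus", "masscan")  # assumed blacklist: only the names in the post
SHELL_RE = re.compile(r"\b(?:wget|curl)\b", re.I)
# Assumed SQL indicators; the post does not list the project's patterns.
SQL_RE = re.compile(r"\bunion\b.+\bselect\b|\bselect\b.+\bfrom\b|\bor\s+\d+\s*=\s*\d+", re.I)

def classify(line):
    """Return (client, sorted request types), or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = unquote_plus(m.group("target"))  # decode %20 and + before matching
    query = target.partition("?")[2]
    agent = (m.group("agent") or "").lower()
    types = set()
    if target.count("/") > 3:
        types.add("PATH")
    if any(name in agent for name in SCANNERS):
        types.add("SCANNER")
    if SHELL_RE.search(query):
        types.add("SHELLinjection")
    if SQL_RE.search(target):
        types.add("SQLinjection")
    return m.group("host"), sorted(types)

def summarize(lines):
    """Count how many parsed requests fall into each type."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result:
            counts.update(result[1])
    return dict(counts)

# Constructed sample lines (documentation addresses), not data from the honeypot.
SAMPLE = [
    '192.0.2.10 - - [03/Apr/2015:10:12:01 +0200] "GET /a/b/c/d/setup.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Apr/2015:10:13:44 +0200] "GET / HTTP/1.0" 200 512 "-" "masscan/1.0"',
    '203.0.113.5 - - [04/Apr/2015:02:01:09 +0200] "GET /cgi-bin/test.cgi?cmd=wget+example.invalid HTTP/1.1" 404 210 "-" "-"',
    '203.0.113.9 - - [05/Apr/2015:18:30:00 +0200] "GET /index.php?id=1%20UNION%20SELECT%201,2 HTTP/1.1" 200 99 "-" "-"',
    '192.0.2.44 - - [06/Apr/2015:09:00:00 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A request can match more than one type, and the PATH rule as stated also fires on deep but legitimate URLs, so the counts are leads for review rather than confirmed attacks.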
Attackers by country code