forked from wedaa/LongTail-Log-Analysis
index.html
154 lines (154 loc) · 4.72 KB
<HTML>
<HEAD>
<TITLE>LongTail Log Analysis Home Page/Concise Version</TITLE>
</HEAD>
<BODY bgcolor=#00f0FF>
<H1>LongTail Log Analysis/Concise Version</H1>
<P>This page is updated hourly.
Last updated on Sun Mar 8 16:59:01 EDT 2015
<P><a href="/honey/index-long.html">Long Version Of This Page, including 7 day, 30 day, yearly and historical reports</a>
<HR>
<H2>SSH Attacks and Probes</H2>
<P>
SSH Activity Today: 3152
<BR>
SSH Activity This Month: 76458
<BR>
SSH Activity This Year: 551091
<BR>
SSH Activity Since Logging Started: 551091
<H3>What you're probably most interested in are historical trends</H3>
<a href ="trends-in-root-passwords">Trends in Top 20 Root Passwords</a>
<BR>
<a href ="trends-in-admin-passwords">Trends in Top 20 Admin Passwords</a>
<BR>
<a href ="trends-in-non-root-passwords">Trends in Top 20 Non Root/Admin Passwords</a>
<BR>
<a href ="trends-in-accounts">Trends in Top 20 Accounts</a>
<BR>
<BR>
<a href ="graphics.html">Charts and Graphs</a>
<BR>
<a href ="statistics.html">Number of Attacks Statistics</a>
<BR>
<BR>
<a href ="current_attackers_lifespan.html">Lifetimes of Attackers</a>
<BR>
<a href ="attacks/ip_attacks.html">Attack Patterns By IP Address</a>
<BR>
<a href ="attack_patterns.html">Attack Patterns Used Multiple Times</a>
<BR>
<a href ="attack_patterns_single.html">Attack Patterns Used Only Once</a>
<BR>
<a href ="dictionaries.html">Dictionaries Used</a>
<H3>Today's Activity</H3>
<a href ="current-root-passwords">Root Passwords</a>
<BR>
<a href ="current-top-20-root-passwords">Top 20 Root Passwords</a>
<BR>
<BR>
<a href ="current-admin-passwords">Admin Passwords</a>
<BR>
<a href ="current-top-20-admin-passwords">Top 20 Admin Passwords</a>
<BR>
<BR>
<a href ="current-non-root-passwords">Non Root/Admin Passwords</a>
<BR>
<a href ="current-top-20-non-root-passwords">Top 20 Non Root/Admin Passwords</a>
<BR>
<BR>
<a href ="current-non-root-accounts">Accounts Tried</a>
<BR>
<a href ="current-top-20-non-root-accounts">Top 20 Accounts Tried</a>
<BR>
<BR>
<a href ="current-non-root-pairs">Non Root/Admin pairs</a>
<BR>
<a href ="current-top-20-non-root-pairs">Top 20 Non Root/Admin pairs</a>
<BR>
<BR>
<a href="current-ip-addresses">IP Addresses</a>
<BR>
<a href="current-top-20-ip-addresses">Top 20 IP Addresses</a>
<BR>
<a href="current-attacks-by-country">Attacks By Country, By IP Address </a>
<BR>
<BR>
<a href="current-raw-data.gz">Current Raw Data</a>
<BR>
<!--
<H2>HTTP Attacks and Probes</H2>
<H3>Today's Activity</H3>
<P>Shellshock: What webpages are they looking for?
<BR>
<a href="current-shellshock-webpages">Shellshock Webpages</a>
<BR>
<a href="current-top-20-shellshock-webpages">Top 20 Shellshock Webpages</a>
<BR>
<BR>
<P>What are the actual attacks they are trying to run?
<BR>
<a href="current-attacks">Attacks</a>
<BR>
<a href="current-top-20-attacks">Top 20 Attacks</a>
<BR>
<BR>
<P>Where are they getting their payloads from or trying to connect to with bash?
<BR>
<a href="current-payloads">Payloads</A>
<BR>
<a href="current-top-20-payloads">Top 20 Payloads</a>
<BR>
<P>What are they trying to rm?
<BR>
<a href="current-rm-attempts">`rm` attempts</a>
<BR>
<a href="current-top-20-rm-attempts">Top 20 `rm` attempts</a>
<BR>
<BR>
<P>Shellshock attacks not explicitly using perl
<BR>
<a href="current-shellshock-not-using-perl">Shellshock Attacks not explicitly using perl</A>
<BR>
<a href="current-top-20-shellshock-not-using-perl">Top 20 Shellshock Attacks not explicitly using perl</A>
<BR>
<BR>
<P>Shellshock logs
<BR>
<a href="current-access-log-shell-shock">Today's Apache Shell Shock log</a>
<BR>
<a href="current-country-access-log-shell-shock">Today's Apache Shell Shock Country log</a>
<BR>
<a href="current-ip-access-log-shell-shock">Today's Apache Shell Shock IP log</a>
<BR>
<BR>
<P> 404 Probes
<BR>
<a href="current-access-log-404">Today's 404 Probes Log</a>
<BR>
<BR>
<a href="current-open-proxy-log-404">Today's Open Proxy Log</a>
<BR>
<a href="current-ip-open-proxy-404">Today's IP Open Proxy Log</a>
<BR>
<a href="current-country-open-proxy-log-404">Today's Country Open Proxy Log</a>
<BR>
<BR>
<a href="current-ip-access-log-404">Today's 404 Probes IP Log</a>
<BR>
<a href="current-top-20-ip-access-log-404">Today's Top 20 404 Probes IP Log</a>
<BR>
<a href="current-country-access-log-404">Today's 404 Probes Country Log</a>
<H3>Access Logs</H3>
<a href="current-access-log">Today's Apache access log</a>
<HR>
<a href="historical/">Long Term Historical Reports For ssh and HTTP Attacks</A>
-->
<HR>
<P>Get the source code at <a href="https://github.com/wedaa/LongTail-Log-Analysis">https://github.com/wedaa/LongTail-Log-Analysis</a>
<P>Read my blog at <a href="https://ewedaa.wordpress.com/">https://ewedaa.wordpress.com/</a>
<P>LongTail Copyright 2015 by Eric Wedaa, under GPLV2
</BODY>
</HTML>