
Malicious Website Traffic

Introduction

Cyber security is a daily battle to keep on top of the vulnerabilities that appear in your environment over time. One of the primary tools website administrators use to protect a site from malicious traffic is a firewall; for a website this usually means a web application firewall (WAF) that sits between the site and the public internet, inspecting each HTTP request, blocking the ones that match known attack patterns, and logging what it sees. The logging matters as much as the blocking: without it you never learn what is being thrown at you.

Bad Actors

As part of the ongoing effort to protect our own website, we thought it would help others to publish real-life examples of what malicious traffic looks like and what can be done about it. Within a few hours of this website going live, malicious traffic started to arrive. We would not have known it was hitting the site at all without a firewall product such as WordFence and its logs.

WordFence is a widely used WordPress security plugin whose web application firewall logs the requests it blocks. Thanks to that logging, we could see traffic hitting our website with malicious intent, for example attempts to upload malicious files to the BailiwickTech.com website. Two examples are shown below.

The first example shows an attempt to upload a malicious file to our website. A web shell dropped into a writable directory such as wp-content/uploads would give the attacker remote command execution on the server, which is why upload attempts deserve attention even when the firewall blocks them.

A website firewall security log showing malicious traffic

The second example shows someone trying to log in to the admin page of our website. Bots try common usernames and leaked passwords against /wp-login.php (and the XML-RPC endpoint) on every WordPress site they find, so a burst of failed logins from one address shortly after launch is expected; what matters is that the firewall locks the address out after a few failures rather than letting the guessing continue.
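As an added example (not code from this post or from WordFence), the script below applies the two patterns described above to ordinary web-server access logs, which record the same requests the WAF sees: repeated POSTs to /wp-login.php or /xmlrpc.php from one address, and requests that try to place or reach a .php file under the uploads directory. The log lines are constructed for illustration using RFC 5737 documentation addresses, the combined log format is the standard Apache/nginx one rather than WordFence's own layout, and the login threshold is an assumption you would tune for your own site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Standard Apache/nginx "combined" access-log format. This is not WordFence's own log
# layout; it is what most web servers write, and the same evidence ends up there.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}  # WordPress login and XML-RPC endpoints


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def classify(rec):
    """Label a request 'login', 'upload_probe', or None for ordinary traffic."""
    path = rec["path"].split("?", 1)[0].lower()
    if rec["method"] == "POST" and path in LOGIN_PATHS:
        return "login"
    # Nothing legitimate writes or executes PHP under the media directory.
    if path.startswith("/wp-content/uploads/") and path.endswith(".php"):
        return "upload_probe"
    # A POST or PUT aimed at a .php file under wp-content is an attempt to drop or drive a web shell.
    if rec["method"] in ("POST", "PUT") and path.startswith("/wp-content/") and path.endswith(".php"):
        return "upload_probe"
    return None


def summarize(log_text):
    """Count classified requests per source IP; unclassified lines are ignored."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify(rec)
        if kind:
            per_ip[rec["ip"]][kind] += 1
    return per_ip


def suspicious_ips(log_text, login_threshold=3):
    """IPs with any upload probe, or at least login_threshold login POSTs (threshold is an assumption)."""
    flagged = [ip for ip, c in summarize(log_text).items()
               if c["upload_probe"] or c["login"] >= login_threshold]
    return sorted(flagged)


# Constructed sample log using RFC 5737 documentation addresses; not a real capture.
SAMPLE_LOG = """\
198.51.100.23 - - [12/Jun/2024:08:15:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Jun/2024:08:15:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Jun/2024:08:15:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Jun/2024:08:15:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
192.0.2.77 - - [12/Jun/2024:09:02:17 +0000] "PUT /wp-content/uploads/2024/06/shell.php HTTP/1.1" 403 199 "-" "python-requests/2.31"
192.0.2.77 - - [12/Jun/2024:09:02:18 +0000] "GET /wp-content/uploads/2024/06/shell.php HTTP/1.1" 404 199 "-" "python-requests/2.31"
203.0.113.5 - - [12/Jun/2024:09:10:00 +0000] "GET /about/ HTTP/1.1" 200 8812 "https://www.google.com/" "Mozilla/5.0"
203.0.113.5 - - [12/Jun/2024:09:10:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_LOG).items():
        print(ip, dict(counts))
    print("flagged:", suspicious_ips(SAMPLE_LOG))
```

The single login POST from 203.0.113.5 stays under the threshold, which is the point of counting per address rather than alerting on every request: the site owner logging in looks the same as one guess from a bot, and only the volume separates them. The upload probe is flagged on a single hit because there is no benign reason for it.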

WHOIS the Traffic Coming From?

Luckily, the logs record the source IP of each request, so you can run a WHOIS query against those addresses (the whois command-line tool on most systems, or the lookup pages of the regional registries). The result identifies the network the address belongs to, normally a telecoms company or cloud provider rather than the attacker themselves, and lists an abuse contact in a field such as abuse-mailbox (RIPE, APNIC) or OrgAbuseEmail (ARIN). That contact is who to email. Two caveats are worth keeping in mind. The address is rarely the attacker's own machine; it is usually a rented server, a compromised host or a proxy, so the report is a request to investigate a customer rather than an accusation. And an abuse desk can only act on specifics, so include the IP, the full log lines and timestamps with their time zone.

This example WHOIS query shows that abuse from 103.179.86.102 should be reported to abuse@billpay.id.

This second example WHOIS query shows that abuse from 167.172.190.211 should be reported to abuse@digitalocean.com.

A firewall security log showing an attempted login from an unknown IP address

As the screenshots above show, the abuse contacts for these two addresses are abuse@billpay.id and abuse@digitalocean.com respectively. Abuse mailboxes at large providers usually feed a ticketing system, so keep the report factual and easy to process: one IP per report, plain-text log excerpts, and UTC timestamps.
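To show the WHOIS step end to end, here is an added Python example (not code from this post, and not part of any WHOIS client) that pulls the abuse contact out of registry output and assembles the report described above. The run_whois helper shells out to the standard whois tool and needs network access; the two WHOIS excerpts embedded below are constructed to mirror the contacts this post reports, not real query output, and the network names, address ranges and event list in them are made up for illustration.

```python
import re
import subprocess
from datetime import datetime, timezone

# Attribute names that carry the abuse contact in registry whois output:
# 'abuse-mailbox' (RIPE, APNIC and other RPSL-style databases), 'OrgAbuseEmail' (ARIN).
ABUSE_FIELD_RE = re.compile(r"^\s*(?:abuse-mailbox|OrgAbuseEmail)\s*:\s*(\S+)", re.I)
# RIPE and APNIC also print a summary comment of the form:
# % Abuse contact for '192.0.2.0 - 192.0.2.255' is 'abuse@example.net'
ABUSE_COMMENT_RE = re.compile(r"Abuse contact for .* is '([^']+)'")


def run_whois(ip, timeout=20):
    """Query the live WHOIS service with the system whois client (needs network access)."""
    proc = subprocess.run(["whois", ip], capture_output=True, text=True,
                          timeout=timeout, check=False)
    return proc.stdout


def extract_abuse_contacts(whois_text):
    """Return abuse e-mail addresses found in whois output, de-duplicated, in order of appearance."""
    seen, contacts = set(), []
    for line in whois_text.splitlines():
        m = ABUSE_FIELD_RE.match(line) or ABUSE_COMMENT_RE.search(line)
        if not m:
            continue
        addr = m.group(1).strip().lower()
        if "@" in addr and addr not in seen:
            seen.add(addr)
            contacts.append(addr)
    return contacts


def build_abuse_report(ip, contacts, events, site="bailiwicktech.com"):
    """Assemble what an abuse desk needs: the IP, UTC timestamps and the raw requests.

    events is a list of (aware datetime, request line, outcome) tuples.
    """
    if not contacts:
        raise ValueError(f"no abuse contact found for {ip}; use the registry's abuse finder instead")
    lines = [f"Source IP: {ip}", f"Target: {site}", "Events (timestamps in UTC):"]
    for ts, request, outcome in events:
        ts_utc = ts.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        lines.append(f"  {ts_utc}  {request}  -> {outcome}")
    lines.append("Please investigate the customer or host behind this address.")
    return {"to": contacts[0], "cc": contacts[1:],
            "subject": f"Abuse report: malicious web requests from {ip}",
            "body": "\n".join(lines)}


# Constructed whois excerpts mirroring the contacts the post reports; not real query output.
SAMPLE_WHOIS_APNIC = """\
% [whois.apnic.net]
% Abuse contact for '103.179.86.0 - 103.179.86.255' is 'abuse@billpay.id'

inetnum:        103.179.86.0 - 103.179.86.255
netname:        EXAMPLE-NET
abuse-mailbox:  abuse@billpay.id
"""

SAMPLE_WHOIS_ARIN = """\
NetRange:       167.172.0.0 - 167.172.255.255
NetName:        EXAMPLE-CLOUD
OrgAbuseHandle: EXAMPLE-ARIN
OrgAbuseEmail:  abuse@digitalocean.com
"""

# Constructed events standing in for the login attempts shown in the post's screenshot.
SAMPLE_EVENTS = [
    (datetime(2024, 6, 12, 8, 15, 1, tzinfo=timezone.utc), "POST /wp-login.php", "blocked"),
    (datetime(2024, 6, 12, 8, 15, 2, tzinfo=timezone.utc), "POST /wp-login.php", "blocked"),
    (datetime(2024, 6, 12, 8, 15, 4, tzinfo=timezone.utc), "POST /xmlrpc.php", "blocked"),
]

if __name__ == "__main__":
    # For a live lookup replace the sample text with run_whois("167.172.190.211").
    contacts = extract_abuse_contacts(SAMPLE_WHOIS_ARIN)
    print(build_abuse_report("167.172.190.211", contacts, SAMPLE_EVENTS)["body"])
```

The parser deliberately accepts both the attribute line and the summary comment because registries differ: APNIC and RIPE output carries both, ARIN carries only OrgAbuseEmail, and some ranges list no abuse contact at all, in which case the function returns an empty list and the report builder refuses to guess an address.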

Please Investigate

BailiwickTech has contacted both abuse addresses to share the information about the offending IPs. Do not expect a personal reply in every case; large providers often process these reports automatically. We hope this small gesture assists in the ongoing battle against the sources of malicious traffic that make other people's lives a misery.

Conclusion

Interestingly, new websites come under attack within a few hours of going live, once the site has been scanned and crawled by the bots out in the wild. Almost all of this is untargeted: the same scanners hit every freshly registered domain and newly listening host. This certainly won't be the last time our website is probed by malicious traffic, but we thought it worthy of attention. Other interesting website hits will be blogged about in the future, but not each one; there are simply too many ;).

Keep calm and keep learning!
