ATTACKS ON NEWLY REGISTERED WEBSITES, A COMPARISON

Abstract

In this paper we present a case study of hacker/intrusion activities on newly registered websites. We study how much of the incoming traffic is potentially malicious and if different web designs attract different types of malicious traffic. To implement our study, we simultaneously register and activate two websites - with similar designs but different content - and a comparison website with no content. The sites run for two months on a platform of a commercial web-hosting provider. The sites are registered under a domain of network research consortium wirlab.net. The platform utilizes a standard Linux operating system with an Apache web server with no known vulnerabilities. All network traffic to the sites is recorded using the tcpdump application. Our analysis shows that more than 90% of all traffic to the websites is potentially malicious. Moreover, most of the intrusion attempts use the ssh (secure shell) protocol instead of http. Of the two non-empty web sites, the more adult oriented one attracted more intrusion attempts. Moreover, we compare the newly registered sites with an established site and notice differences in the web traffic.