ATTACKS ON NEWLY REGISTERED WEBSITES, A COMPARISON

Authors

  • Marko Niinimaki Webster University Thailand, 1 Empire Tower, Sathorn, Bangkok 10120, Thailand,
  • Veli Pajula University Consortium of Seinajoki, Kampusranta 9, Seinajoki, Finland,
  • John Lawrence Webster University Thailand, 1 Empire Tower, Sathorn, Bangkok 10120, Thailand
  • Kitichai Chanyalikit Webster University Thailand, 1 Empire Tower, Sathorn, Bangkok 10120, Thailand

Keywords:

website security

Abstract

In this paper we present a case study of hacker/intrusion activities on newly registered websites. We study how much of the incoming traffic is potentially malicious and if different web designs attract different types of malicious traffic. To implement our study, we simultaneously register and activate two websites - with similar designs but different content - and a comparison website with no content. The sites run for two months on a platform of a commercial web-hosting provider. The sites are registered under a domain of network research consortium wirlab.net. The platform utilizes a standard Linux operating system with an Apache web server with no known vulnerabilities. All network traffic to the sites is recorded using the tcpdump application. Our analysis shows that more than 90% of all traffic to the websites is potentially malicious. Moreover, most of the intrusion attempts use the ssh (secure shell) protocol instead of http. Of the two non-empty web sites, the more adult oriented one attracted more intrusion attempts. Moreover, we compare the newly registered sites with an established site and notice differences in the web traffic.

Downloads

Published

2018-08-04

Issue

Section

บทความอื่นๆ (Other Article)