Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Analyzing weblogs, part 2, RFI attacks

Published: 2010-01-29
Last Updated: 2010-01-29 04:30:13 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

The 2nd part of the "Weathering the Storm" blog series is now live [1]. In this series, I am looking at our web logs from for attacks.

I picked Remote File Inclusion (RFI) attacks because we are getting thousands a day. Just take a quick look at our web honeypot project [2]. Most of the attacks we detect are RFI attacks.



Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: logs php rfi webattacks
0 comment(s)
Diary Archives