About This Application

Introduction

The creator of this site owns a handful of personal websites. Despite having adequate bot protections in place, hourly brute-force login attempts intensified. This site was created to provide a live view of that activity and summarize some key concerns and findings.

Explainer

Brute force attacks on the login functions of content management systems have been a persistent issue for over two decades. The motives for guessing a password and gaining access to a content management system range from simple website defacement and SEO link spamming to more serious criminal activities, such as deploying phishing landing pages for financial institutions or enlisting the application layer of the site into a botnet. If the underlying operating systems possess security vulnerabilities, CMS access can also serve as the entry point for a full operating system takeover.

Brute force login attacks use either a single bot or a complex network of bots to attempt various username and password combinations to gain access to a web application. Failed login attempts are often not logged, leaving the application owner unaware of such activity. According to a 2023 Thales Group Report, malicious bot activity accounted for over 32% of all Internet traffic. This is a problem at scale and is growing every year. Despite the efforts of cloud security providers and managed hosting companies, the scale of the issue continues to expand. Observations derived from the data behind this site highlight one surprising foundational cause.

Observations

Attacks are non-stop and data is collected 24x7. The sources of the attacks are global, with netblocks representing North America, South America, Africa, and multiple regions in Europe and Asia. Though the attacks come from a broad range of netblock owners, the leaderboards say it all. The attack volume comes from netblocks owned by US-based, publicly traded companies that are in the IaaS and PaaS services business. The sheer volumes that originate from single IP addresses indicate weak detection and prevention controls in their infrastructure. There is additional data that will be posted on this website that links these IP addresses to botnets being controlled out of Iran, Russia, and other nation states considered a threat by the US government.
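As an added example (not code from this site), the following shows how failed-login events can be rolled up into a netblock-owner leaderboard and how single IP addresses with high hourly volume can be flagged. The log format, owner names, netblock table and threshold are constructed assumptions; the addresses come from documentation ranges.

```python
import ipaddress
import re
from collections import Counter

# Constructed netblock-to-owner table (documentation ranges, placeholder owners).
NETBLOCKS = {
    ipaddress.ip_network("192.0.2.0/24"): "Provider-A",
    ipaddress.ip_network("198.51.100.0/24"): "Provider-B",
    ipaddress.ip_network("203.0.113.0/25"): "Provider-C",
}
# Constructed failed-login log lines; the line format is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:02:11Z login_failed ip=192.0.2.10 user=admin
2024-05-01T10:02:12Z login_failed ip=192.0.2.10 user=root
2024-05-01T10:02:14Z login_failed ip=192.0.2.10 user=test
2024-05-01T10:15:40Z login_failed ip=198.51.100.7 user=admin
2024-05-01T10:59:59Z login_ok ip=203.0.113.5 user=editor
2024-05-01T11:01:03Z login_failed ip=192.0.2.77 user=admin
2024-05-01T11:04:30Z login_failed ip=203.0.113.200 user=admin
malformed line without fields
"""

LINE_RE = re.compile(r"^(\S+) login_failed ip=(\S+) user=(\S+)$")

def parse_failures(log_text):
    """Yield (hour_bucket, ip) for each well-formed failed-login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # successful logins and malformed lines are skipped
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # the ip= field did not hold a valid address
        yield m.group(1)[:13], ip  # "YYYY-MM-DDTHH" is the hourly bucket

def owner_of(ip):
    """Return the owner of the most specific matching netblock, else 'unknown'."""
    matches = [n for n in NETBLOCKS if ip in n]
    return NETBLOCKS[max(matches, key=lambda n: n.prefixlen)] if matches else "unknown"

def leaderboards(log_text, per_hour_threshold=3):
    """Return (owner leaderboard, [(ip, hour)] at or above the hourly threshold)."""
    by_owner, by_ip_hour = Counter(), Counter()
    for hour, ip in parse_failures(log_text):
        by_owner[owner_of(ip)] += 1
        by_ip_hour[(str(ip), hour)] += 1
    noisy = sorted(k for k, v in by_ip_hour.items() if v >= per_hour_threshold)
    return by_owner.most_common(), noisy
```

Calling `leaderboards(SAMPLE_LOG)` ranks Provider-A first and flags 192.0.2.10 for its three failures within one hour; the address outside every listed netblock is counted under "unknown" rather than dropped.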

Facts

The following are facts related to this site:

  • This site is fed by 5 hobby websites whose topics range from automobiles and farming to mathematics and programming.
  • This site and the source sites are hosted at DigitalOcean in a US data center.
  • All traffic for source sites flows through Cloudflare (firewall enforced).
  • Netblock ownership is verified through multiple sources.
  • Botnet membership identification is coming soon.