Hosting firm UKFast has released its first Threat Monitoring Report, with data and insight from its Threat Monitoring service, which continuously analyses data to distinguish between potential security breaches and normal activity.
Data from the first 10 weeks of 2019 shows more than 5.5m malicious events across the platform, with 1.52m full attack attempts blocked in total, from a sample size of 181.5m total events analysed.
PHP web attacks nearly doubled when compared to the 10 weeks to December 31, 2018 and were the most common attack type seen, with 52,920, followed by SQL injection attempts and XSS (cross site scripting) attempts.
The USA, Russia and China have generated the most attack attempts throughout the lifetime of the service, although data from 2019 to date sees attacks from the UK climb into third place ahead of China.
UKFast CTO Neil Lathwood said: “We’re seeing a rising number of attempted PHP web attacks across the servers protected by Threat Monitoring. PHP is a popular programming language so it’s natural that we’re seeing a huge number of attacks on PHP applications and websites.
“With the popularity of software like WordPress, which can be extended using plugins, websites are being exposed to compromises as some of these plugins are not regularly updated by their developers. This issue is leaving businesses open to some really significant vulnerabilities.”
The British hosting giant’s Threat Monitoring service, launched last year, now protects hundreds of businesses and will publish a quarterly threat monitoring report with statistics, trends and insights to support the wider security industry.
Threat Monitoring includes host-based intrusion detection (HIDS), vulnerability scanning, file integrity monitoring (FIM), Rootkit detection and server baseline hardening.
The report also reveals the most common existing user names used in brute force attacks:
– ?
– test
– admin
– test1
– backup
– user
– ubnt
– proftpd
– hadoop