I haven't posted to this blog in a long while, so I thought that I would share some interesting traffic data related to the newest section of the website. Just over a month ago I released GfxBench2D, a 2D benchmarking tool and web-application. This tool measures 2D graphics performance and can (optionally) upload results to this website for display. Well, this triggered the biggest traffic spike that this website has ever seen. Take a look a graph of the number of daily visits that have occurred since this website was first created (up to 10 July 2011):

This morning the first Silverstripe specific hacking attempt occurred. Three separate IP addresses from across the globe attempted to perform code-injection exploits on this website for about an hour. It is clearly targeting Silverstripe because the server logs show references to Silverstripe specific files, e.g.:

Over the last day, several comments were posted to this blog that contained links to websites with very dodgy URLs. Essentially, all the links were to dirty websites that peddle content that I do not wish to see, or be associated with. Over the last week I have simply logged on regularly, and deleted any comments that were Spam. However, this still leaves a window during which that unwanted trash is visible on this website. This morning's dose of dirty spam motivated me to take the time to install Akismet, a comment spam filtering service.

... then why would it work the second time, or the third, or the fourth, etc. Yesterday I discussed a TinyCMS exploit that someone attempted to use on this website, in order to steal passwords. Fortunately, this website does not use TinyCMS, so it failed. However, skimming through today's log demonstrates that this exploit is truly out in the wild. A single IP address has basically been hammering the server non-stop from 5:30 A.M. through to 8:30 A.M. this morning, with what are essentially the same two requests:

The last few days a deluge of Perl based code-injection hacking attempts have been made on this website. Most of them are more of the same old attacks that I have documented previously. However, one particularly insistent user-agent made an attempt to get the password file on the server. Have a look at the following two log entries:

It was inevitable that eventually someone would post spam as comments to this blog. Today, the first spam-bot that is designed to post comments arrived. The log entries are:

This will probably be one of the last blog entries related to code injection hacking attempts on this website. A pattern has emerged, and, until some new form of attack occurs, there simply is no point in mentioning every slight variation. Yesterday three nearly identical hacking attempts occurred from three different addresses. These attacks appeared to try and mask what was being performed somewhat. As usual, the tell-tale sign is the addition of other website URLs in the URL:

Scanning through the web-server's log this morning, one entry caught my eye:

Hot on the heels of the last code injection attempt comes another one; this time the attempt to breach security appears to have a Russian connection. The new log entries are as follows:

EDIT (24/7/2008): Hot on the heels of this code injection attempt, comes another one (link).