In today’s digital landscape, the threat of online attacks is a constant concern. My website, like many others, is a target for such threats. To address this, I've set up a system to monitor and display attempted intrusions against my servers.
Fans of DEFCON, a renowned cybersecurity conference, might be familiar with their 'Wall of Sheep' — a feature that showcases vulnerabilities in network traffic during the event. Drawing inspiration from this, I’ve created a similar display, but with a focus on attacks targeting my servers. It’s a daily testament to the diverse range of attacks we face, going beyond just website vulnerabilities to include attempts on all server ports.
The purpose of my 'Personalized Wall of Sheep' is educational. It serves as a live example of the relentless attacks servers endure, and aims to raise awareness among my visitors. This display is a vivid reminder that cyber threats are universal, affecting not just big corporations but every entity connected to the internet. It underscores the vital importance of cybersecurity for everyone.
Detected a total of 5,184 unique cyber attackers who, collectively, were responsible for 24,672 breach attempts.
(Each attacker is recorded once per day, regardless of the number of attempts)
To the right is a chart that illustrates the geographical distribution of the attacks against my servers. This chart categorizes each hacking attempt by its country of origin, providing visual insight into the diverse, global sources of these cyber intrusions.
It’s important to note, however, that geographical distribution can sometimes be masked using various techniques. Therefore, in instances where such masking was detected, these attackers have been reassigned to the category ‘obscured’ in the pie chart.
This chart breaks down the different kinds of traffic trying to access my network, focusing on whether the source is hidden or masked. It shows how attackers hide their identity using methods like VPNs, public proxies, or data centers.
This helps us understand the variety of ways attackers try to stay anonymous and the tactics they use to try to get past security measures.
The chart on the right showcases the top 20 data centers being used to launch attacks. These range from public cloud services to smaller providers.
This not only indicates the diversity of platforms used in cyber offensives but also suggests that many of these providers might be unaware of their infrastructure's misuse, highlighting a critical aspect of the cybersecurity challenge.
| IP | Country | Region | City | ISP | Ports | ||
|---|---|---|---|---|---|---|---|
 | 162.216.150.117 | United States | South Carolina | North Charleston | Google LLC | 15810, 9342, 43999, 44981, 56941, 20661, 65535, 59910, 25432, 46694... (2296 more) | Digital footprint reveals a focused approach on a handful of ports, such as 15810, 9342, 43999. The attacker appears to be leveraging a data center hideout. |
 | 165.154.41.213 | Hong Kong | Hong Kong | Hong Kong | UCloud Information Technology (HK) Limite... | 2346, 32774, 10507, 474, 5146, 7187, 17756, 10695, 10913, 286... (529 more) | Activity shows a focused approach on a handful of ports, such as 2346, 32774, 10507. The attacker appears to be leveraging a data center hideout. |
| 198.199.66.18 | United States | New Jersey | North Bergen | DigitalOcean LLC | 6889 | Activity shows a focused attack on port 6889. The attacker is behind the veil of a VPN. |
 | 106.13.45.232 | China | Beijing | Beijing | Beijing Baidu Netcom Science and Technolo... | 6379 | Network inspection reveals a focused attack targeting Redis. The attacker is perhaps masquerading as a search engine bot? |
 | 35.203.210.124 | United Kingdom | England | London | Google LLC | 8124, 65529, 49155, 9936, 10031, 8441, 4010, 3915, 9726, 3953... (2304 more) | Network inspection reveals a focused approach on a handful of ports, such as 8124, 65529, 49155. The attacker appears to be leveraging a data center hideout. |
| 162.216.149.25 | United States | South Carolina | North Charleston | Google LLC | 9302, 9088, 18282, 43008, 34431, 21231, 28341, 49569, 10022, 9772... (2345 more) | System monitoring reveals a focused approach on a handful of ports, such as 9302, 9088, 18282. The attacker appears to be leveraging a data center hideout. |
| 35.203.211.39 | United Kingdom | England | London | Google LLC | 49484, 49987, 49246, 13585, 13929, 21329, 10349, 47425, 47487, 8022... (2322 more) | Network inspection reveals a focused approach on a handful of ports, such as 49484, 49987, 49246. The attacker appears to be leveraging a data center hideout. |
| 147.185.133.72 | United States | California | Santa Clara | Palo Alto Networks Inc | 4508, 5343, 5280, 8144, 9566, 3086, 9102, 9569, 52976, 47099... (1857 more) | Digital footprint reveals a focused approach on a handful of ports, such as 4508, 5343, 5280. The attacker appears to be leveraging a data center hideout. |
| 165.154.129.151 | United Kingdom | England | London | UCloud Information Technology (HK) Limite... | 4671, 7329, 3249, 5436, 2113, 10776, 33848, 6389, 10086, 11035... (481 more) | Digital footprint reveals a focused approach on a handful of ports, such as 4671, 7329, 3249. The attacker appears to be leveraging a data center hideout. |
| 172.234.218.245 | United States | Illinois | Chicago | Linode LLC | 5000, 13, 8600, 41067, 2301, 11184, 18846, 5400, 8383, 2096... (591 more) | Network inspection reveals a focused approach on a handful of ports, such as 5000, 13, 8600. The attacker appears to be leveraging a data center hideout. |
| 35.203.210.189 | United Kingdom | England | London | Google LLC | 35164, 45239, 52965, 49536, 46900, 7545, 42045, 48948, 28991, 47320... (2297 more) | Network inspection reveals a focused approach on a handful of ports, such as 35164, 45239, 52965. The attacker appears to be leveraging a data center hideout. |
 | 45.156.128.71 | Belgium | Brussels Hoofdstedelijk Gewest | Brussels | NSEC - Sistemas Informaticos S.A. | 11, 902, 14147, 5094, 84, 1023, 102, 3001, 2082, 1777... (52 more) | Digital footprint reveals a focused approach on a handful of ports, such as 11, 902, 14147. The attacker appears to be leveraging a data center hideout. |
| 47.84.186.241 | United States | California | San Mateo | Alibaba Cloud LLC | 8031, 18085 | Network inspection reveals a selective approach on a handful of ports, such as 8031, 18085. The attacker appears to be leveraging a data center hideout. |
| 20.169.107.122 | United States | Arizona | Phoenix | Microsoft Corporation | 8040, 8086, 18080, 5093, 6066, 4330, 2379, 5985, 9999, 8084... (45 more) | Digital footprint reveals a focused approach on a handful of ports, such as 8040, 8086, 18080. The attacker appears to be leveraging a data center hideout. |
 | 66.132.186.133 | Canada | Ontario | Etobicoke | Aptum Technologies | 6759, 55528, 23010, 58341, 34026, 5314, 40198, 20399, 58179, 6386... (148 more) | System analysis reveals a focused approach on a handful of ports, such as 6759, 55528, 23010. The attacker appears to be leveraging a data center hideout. |
| 165.154.163.174 | United States | California | Los Angeles | UCloud Information Technology (HK) Limite... | 19146, 18976, 18790, 18244, 17946, 15805, 15689, 15096, 14809, 14350... (25 more) | Network inspection reveals a focused approach on a handful of ports, such as 19146, 18976, 18790. The attacker appears to be leveraging a data center hideout. |
| 45.79.67.28 | United States | California | Fremont | Akamai Technologies Inc. | 8446, 3312, 4200, 4412, 16888, 93, 45000, 8700 | Activity shows a focused approach on a handful of ports, such as 8446, 3312, 4200. The attacker appears to be leveraging a data center hideout. |
| 100.29.192.110 | United States | Virginia | Ashburn | Amazon Data Services NoVa | 6697, 7777, 49152, 19200, 587, 9443, 3389, 1717, 465, 24442... (60 more) | System analysis reveals a focused approach targeting RDP, and others. The attacker appears to be leveraging a data center hideout. |
| 74.207.253.160 | United States | California | Fremont | Akamai Technologies Inc. | 3838, 45000, 8700, 4200, 8446, 4412, 1501, 93, 3312, 16888 | System monitoring reveals a focused approach on a handful of ports, such as 3838, 45000, 8700. The attacker appears to be leveraging a data center hideout. |
| 147.185.133.106 | United States | California | Santa Clara | Palo Alto Networks Inc | 8008, 60443, 9795, 51805, 33061, 50203, 24506, 1102, 48570, 9006... (1864 more) | System analysis reveals a focused approach on a handful of ports, such as 8008, 60443, 9795. The attacker appears to be leveraging a data center hideout. |
| 162.216.149.43 | United States | South Carolina | North Charleston | Google LLC | 34469, 8686, 9275, 60013, 22527, 12369, 9661, 5123, 9858, 9662... (2342 more) | System analysis reveals a focused approach on a handful of ports, such as 34469, 8686, 9275. The attacker appears to be leveraging a data center hideout. |
 | 47.236.206.106 | Singapore | Singapore | Singapore | Alibaba Cloud LLC | 10943, 8818, 8160, 7904, 7806 | Activity shows a selective approach on a handful of ports, such as 10943, 8818, 8160. The attacker appears to be leveraging a data center hideout. |
| 182.88.190.165 | China | Guangxi Zhuangzu | Nanning | China Unicom Guangxi Province Network | 10566 | Digital footprint reveals a focused attack on port 10566. |
| 147.185.132.253 | United States | California | Santa Clara | Palo Alto Networks Inc | 48645, 10080, 9696, 9219, 8112, 9499, 9594, 10081, 9242, 9621... (1818 more) | Activity shows a focused approach on a handful of ports, such as 48645, 10080, 9696. The attacker appears to be leveraging a data center hideout. |
| 162.216.149.67 | United States | South Carolina | North Charleston | Google LLC | 27926, 9616, 10006, 38400, 7878, 20001, 2217, 12495, 682, 15700... (2298 more) | Digital footprint reveals a focused approach on a handful of ports, such as 27926, 9616, 10006. The attacker appears to be leveraging a data center hideout. |