Wall of Sheep

wall of sheep

In today’s digital landscape, the threat of online attacks is a constant concern. My website, like many others, is a target for such threats. To address this, I've set up a system to monitor and display attempted intrusions against my servers.

Fans of DEFCON, a renowned cybersecurity conference, might be familiar with their 'Wall of Sheep' — a feature that showcases vulnerabilities in network traffic during the event. Drawing inspiration from this, I’ve created a similar display, but with a focus on attacks targeting my servers. It’s a daily testament to the diverse range of attacks we face, going beyond just website vulnerabilities to include attempts on all server ports.

The purpose of my 'Personalized Wall of Sheep' is educational. It serves as a live example of the relentless attacks servers endure, and aims to raise awareness among my visitors. This display is a vivid reminder that cyber threats are universal, affecting not just big corporations but every entity connected to the internet. It underscores the vital importance of cybersecurity for everyone.

In the Last 24 Hours

Detected a total of 4,567 unique cyber attackers who, collectively, were responsible for 27,171 breach attempts.

Unique Cyber Attackers - Last 14 Days

(Each attacker is recorded once per day, regardless of the number of attempts)

To the right is a chart that illustrates the geographical distribution of the attacks against my servers. This chart categorizes each hacking attempt by its country of origin, providing visual insight into the diverse, global sources of these cyber intrusions.

It’s important to note, however, that geographical distribution can sometimes be masked using various techniques. Therefore, in instances where such masking was detected, these attackers have been reassigned to the category ‘obscured’ in the pie chart.

This chart breaks down the different kinds of traffic trying to access my network, focusing on whether the source is hidden or masked. It shows how attackers hide their identity using methods like VPNs, public proxies, or data centers.

This helps us understand the variety of ways attackers try to stay anonymous and the tactics they use to try to get past security measures.

The chart on the right showcases the top 20 data centers being used to launch attacks. These range from public cloud services to smaller providers.

This not only indicates the diversity of platforms used in cyber offensives but also suggests that many of these providers might be unaware of their infrastructure's misuse, highlighting a critical aspect of the cybersecurity challenge.

Attackers over the last 24 hours

The most recent 25 attackers

IPCountryRegionCityISPPorts
China flag
43.248.134.121ChinaJiangsuZhenjiangJiangsu Dongyun Cloud Computing Co. Ltd2375, 8088, 8090
Activity shows a selective approach on a handful of ports, such as 2375, 8088, 8090. The attacker appears to be leveraging a data center hideout.
United States flag
152.32.208.7United StatesVirginiaRestonUCloud Information Technology (HK) Limite...11184, 3004, 3012, 8362, 30121, 2223, 10167, 18181, 18086, 8000... (43 more)
System analysis reveals a focused approach on a handful of ports, such as 11184, 3004, 3012. The attacker appears to be leveraging a data center hideout.
Korea (Republic of) flag
211.218.39.13Korea (Republic of)Gyeonggi-doSeongnamKT Corporation23, 22
Digital footprint reveals a selective approach targeting Telnet, and SSH.
United States flag
45.79.109.193United StatesCaliforniaFremontAkamai Technologies Inc.13, 9033, 49673, 65533, 49693, 5700, 548, 2807, 7071, 5003... (823 more)
Activity shows a focused approach on a handful of ports, such as 13, 9033, 49673. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.149.130United StatesSouth CarolinaNorth CharlestonGoogle LLC9503, 30405, 12323, 48501, 34407, 8887, 11000, 9312, 5555, 48588... (886 more)
Digital footprint reveals a focused approach on a handful of ports, such as 9503, 30405, 12323. The attacker appears to be leveraging a data center hideout.
Germany flag
164.90.170.230GermanyHessenFrankfurt am MainDigitalOcean LLC5000, 10443, 21, 9092, 18080, 5061, 8080, 749, 3443, 5671... (5 more)
Digital footprint reveals a focused approach targeting FTP, HTTP, and others. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.210.216United KingdomEnglandLondonGoogle LLC9085, 9169, 3014, 9984, 45550, 49018, 9072, 1194, 18326, 4441... (899 more)
Digital footprint reveals a focused approach on a handful of ports, such as 9085, 9169, 3014. The attacker appears to be leveraging a data center hideout.
Germany flag
134.122.74.183GermanyHessenFrankfurt am MainDigitalOcean LLC8080
Digital footprint reveals a focused attack targeting HTTP. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.211.89United KingdomEnglandLondonGoogle LLC47087, 9641, 24911, 47062, 45280, 3919, 32222, 22446, 9614, 53311... (890 more)
System analysis reveals a focused approach on a handful of ports, such as 47087, 9641, 24911. The attacker appears to be leveraging a data center hideout.
United States flag
198.235.24.144United StatesCaliforniaSanta ClaraPalo Alto Networks Inc3344, 8991, 20123, 22460, 8445, 445, 5902, 9418, 81, 1723... (236 more)
Digital footprint reveals a focused approach targeting SMB, and others. The attacker appears to be leveraging a data center hideout.
United States flag
205.210.31.194United StatesCaliforniaSanta ClaraPalo Alto Networks Inc139, 9192, 2525, 8999, 4100, 6002, 465, 5001, 7443, 61616... (137 more)
Network inspection reveals a focused approach targeting NetBIOS, and others. The attacker appears to be leveraging a data center hideout.
United States flag
147.185.132.131United StatesCaliforniaSanta ClaraPalo Alto Networks Inc9643, 34419, 9426, 19222, 61243, 8120, 34413, 8058, 56886, 8054... (66 more)
System analysis reveals a focused approach on a handful of ports, such as 9643, 34419, 9426. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.150.219United StatesSouth CarolinaNorth CharlestonGoogle LLC50895, 17000, 221, 4115, 51202, 9887, 30452, 9598, 13733, 45063... (885 more)
Network inspection reveals a focused approach on a handful of ports, such as 50895, 17000, 221. The attacker appears to be leveraging a data center hideout.
United States flag
147.185.132.35United StatesCaliforniaSanta ClaraPalo Alto Networks Inc9546, 28085, 9779, 46639, 1122, 60004, 49206, 6022, 9113, 2441... (83 more)
System monitoring reveals a focused approach on a handful of ports, such as 9546, 28085, 9779. The attacker appears to be leveraging a data center hideout.
Korea (Republic of) flag
183.104.15.141Korea (Republic of)Gyeonggi-doSeongnamKT Corporation23, 22
Digital footprint reveals a selective approach targeting Telnet, and SSH.
United Kingdom flag
178.79.176.12United KingdomEnglandLondonLinode LLC10255
System monitoring reveals a focused attack on port 10255. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.211.221United KingdomEnglandLondonGoogle LLC45361, 23059, 48849, 47342, 1443, 8040, 9292, 28102, 48566, 49888... (887 more)
Activity shows a focused approach on a handful of ports, such as 45361, 23059, 48849. The attacker appears to be leveraging a data center hideout.
China flag
42.6.90.160ChinaLiaoningFuxinUnicom Liaoning Province Network23
Network inspection reveals a focused attack targeting Telnet.
Virgin Islands, British flag
194.169.175.34Virgin Islands, BritishVirgin Islands, BritishRoad TownMatrix Telecom Ltd33389, 3389, 3391, 3390
Network inspection reveals a selective approach targeting RDP, and others. The attacker appears to be leveraging a data center hideout.
United States flag
205.210.31.20United StatesCaliforniaSanta ClaraPalo Alto Networks Inc1244, 4432, 68, 8084, 1026, 8085, 873, 20000, 7777, 8444... (246 more)
Digital footprint reveals a focused approach on a handful of ports, such as 1244, 4432, 68. The attacker appears to be leveraging a data center hideout.
China flag
124.89.83.60ChinaShaanxiXi'anXiancity Ipaddresspool6379
System monitoring reveals a focused attack targeting Redis.
United States flag
162.216.149.23United StatesSouth CarolinaNorth CharlestonGoogle LLC15555, 9879, 9123, 44346, 48156, 54321, 24542, 3479, 8124, 9310... (938 more)
Network inspection reveals a focused approach on a handful of ports, such as 15555, 9879, 9123. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.211.91United KingdomEnglandLondonGoogle LLC13000, 9439, 9622, 9891, 57955, 26000, 8107, 9996, 638, 9139... (907 more)
System monitoring reveals a focused approach on a handful of ports, such as 13000, 9439, 9622. The attacker appears to be leveraging a data center hideout.
United States flag
162.216.149.22United StatesSouth CarolinaNorth CharlestonGoogle LLC54321, 10100, 46106, 45630, 32890, 886, 43581, 1888, 45608, 8059... (894 more)
Activity shows a focused approach on a handful of ports, such as 54321, 10100, 46106. The attacker appears to be leveraging a data center hideout.
United Kingdom flag
35.203.211.140United KingdomEnglandLondonGoogle LLC9506, 2324, 46308, 38400, 6746, 20212, 22011, 9977, 45584, 37185... (853 more)
System monitoring reveals a focused approach on a handful of ports, such as 9506, 2324, 46308. The attacker appears to be leveraging a data center hideout.