In today’s digital landscape, the threat of online attacks is a constant concern. My website, like many others, is a target for such threats. To address this, I've set up a system to monitor and display attempted intrusions against my servers.
Fans of DEFCON, a renowned cybersecurity conference, might be familiar with their 'Wall of Sheep' — a feature that showcases vulnerabilities in network traffic during the event. Drawing inspiration from this, I’ve created a similar display, but with a focus on attacks targeting my servers. It’s a daily testament to the diverse range of attacks we face, going beyond just website vulnerabilities to include attempts on all server ports.
The purpose of my 'Personalized Wall of Sheep' is educational. It serves as a live example of the relentless attacks servers endure, and aims to raise awareness among my visitors. This display is a vivid reminder that cyber threats are universal, affecting not just big corporations but every entity connected to the internet. It underscores the vital importance of cybersecurity for everyone.
Detected a total of 4,638 unique cyber attackers who, collectively, were responsible for 23,385 breach attempts.
(Each attacker is recorded once per day, regardless of the number of attempts)
To the right is a chart that illustrates the geographical distribution of the attacks against my servers. This chart categorizes each hacking attempt by its country of origin, providing visual insight into the diverse, global sources of these cyber intrusions.
It’s important to note, however, that geographical distribution can sometimes be masked using various techniques. Therefore, in instances where such masking was detected, these attackers have been reassigned to the category ‘obscured’ in the pie chart.
This chart breaks down the different kinds of traffic trying to access my network, focusing on whether the source is hidden or masked. It shows how attackers hide their identity using methods like VPNs, public proxies, or data centers.
This helps us understand the variety of ways attackers try to stay anonymous and the tactics they use to try to get past security measures.
The chart on the right showcases the top 20 data centers being used to launch attacks. These range from public cloud services to smaller providers.
This not only indicates the diversity of platforms used in cyber offensives but also suggests that many of these providers might be unaware of their infrastructure's misuse, highlighting a critical aspect of the cybersecurity challenge.
| IP | Country | Region | City | ISP | Ports | ||
|---|---|---|---|---|---|---|---|
 | 8.141.8.30 | China | Zhejiang | Hangzhou | Aliyun Computing Co. Ltd | 6379 | System monitoring reveals a focused attack targeting Redis. The attacker appears to be leveraging a data center hideout. |
 | 198.235.24.128 | United States | California | Santa Clara | Palo Alto Networks Inc | 9983, 64719, 2455, 3975, 5916, 20123, 8531, 44344, 10255, 10250... (283 more) | Network inspection reveals a focused approach on a handful of ports, such as 9983, 64719, 2455. The attacker appears to be leveraging a data center hideout. |
 | 35.203.210.129 | United Kingdom | England | London | Google LLC | 60091, 54321, 3083, 6667, 8864, 57357, 37516, 9114, 930, 9621... (1304 more) | Activity shows a focused approach on a handful of ports, such as 60091, 54321, 3083. The attacker appears to be leveraging a data center hideout. |
 | 152.32.129.154 | Hong Kong | Hong Kong | Hong Kong | UCloud Information Technology (HK) Limite... | 2277, 10926, 131, 2973, 5122, 10685, 2613, 61005, 2349, 26487... (107 more) | Network inspection reveals a focused approach on a handful of ports, such as 2277, 10926, 131. The attacker appears to be leveraging a data center hideout. |
| 167.94.138.129 | United States | Michigan | Ann Arbor | Censys Inc. | 10809, 8389, 5986, 771, 7001, 20201, 119, 222, 18084, 11102... (199 more) | Network inspection reveals a focused approach on a handful of ports, such as 10809, 8389, 5986. The attacker is perhaps masquerading as a search engine bot? |
| 154.203.197.28 | Hong Kong | Hong Kong | Hong Kong | HongKong MegaLayer Technology | 2222, 2022, 22 | Digital footprint reveals a selective approach targeting SSH, and others. The attacker appears to be leveraging a data center hideout. |
| 162.142.125.136 | United States | Michigan | Ann Arbor | Censys Inc. | 27994, 19821, 19396, 300, 11419, 13585, 52784, 33234, 5777, 43698... (911 more) | Digital footprint reveals a focused approach on a handful of ports, such as 27994, 19821, 19396. The attacker is perhaps masquerading as a search engine bot? |
| 152.32.207.179 | United States | Virginia | Reston | UCloud Information Technology (HK) Limite... | 4704, 7234, 5081, 10841, 10341, 3609, 1862, 1623, 7478, 3772... (157 more) | System analysis reveals a focused approach on a handful of ports, such as 4704, 7234, 5081. The attacker appears to be leveraging a data center hideout. |
 | 114.35.183.195 | Taiwan, Province of China | Taipei | Taipei | Chunghwa Telecom Co. Ltd. | 23, 79, 8000, 34567, 34568, 88 | Activity shows a focused approach targeting Telnet, and others. |
| 206.168.35.160 | United States | Michigan | Ann Arbor | Censys Inc. | 40000, 49502, 5986, 2455, 8082, 1521, 8081, 5061, 808, 465... (127 more) | Activity shows a focused approach on a handful of ports, such as 40000, 49502, 5986. The attacker is perhaps masquerading as a search engine bot? |
 | 194.48.251.236 | Germany | Hessen | Frankfurt am Main | GWY IT Pty Ltd | 5432 | Network inspection reveals a focused attack targeting PostgreSQL. The attacker appears to be leveraging a data center hideout. |
| 171.80.153.102 | China | Hubei | Jingzhou | ChinaNet Hubei Province Network | 23 | System analysis reveals a focused attack targeting Telnet. |
| 35.203.210.27 | United Kingdom | England | London | Google LLC | 54327, 8074, 9345, 9009, 55307, 46555, 422, 10171, 8804, 4446... (1335 more) | System analysis reveals a focused approach on a handful of ports, such as 54327, 8074, 9345. The attacker appears to be leveraging a data center hideout. |
| 206.168.35.50 | United States | Michigan | Ann Arbor | Censys Inc. | 8389, 8636, 4444, 1311, 50001, 50995, 6006, 110, 502, 9142... (154 more) | Activity shows a focused approach targeting POP3, and others. The attacker is perhaps masquerading as a search engine bot? |
| 52.228.161.191 | United States | Iowa | Des Moines | Microsoft Corporation | 30001, 10000, 161, 2096, 4330, 2455, 10024, 541, 4840, 8008... (31 more) | Digital footprint reveals a focused approach on a handful of ports, such as 30001, 10000, 161. The attacker appears to be leveraging a data center hideout. |
| 118.193.44.169 | Hong Kong | Hong Kong | Hong Kong | UCloud Information Technology (HK) Limite... | 41230, 7784, 15411, 4087, 996, 2939, 9612, 3934, 4740, 9307... (108 more) | System monitoring reveals a focused approach on a handful of ports, such as 41230, 7784, 15411. The attacker appears to be leveraging a data center hideout. |
| 162.216.149.157 | United States | South Carolina | North Charleston | Google LLC | 60241, 9422, 48823, 15800, 9736, 5543, 6583, 48727, 1337, 19443... (1339 more) | System analysis reveals a focused approach on a handful of ports, such as 60241, 9422, 48823. The attacker appears to be leveraging a data center hideout. |
| 35.203.211.115 | United Kingdom | England | London | Google LLC | 8400, 34455, 8802, 49988, 13345, 2438, 9901, 18444, 9077, 45227... (1353 more) | System monitoring reveals a focused approach on a handful of ports, such as 8400, 34455, 8802. The attacker appears to be leveraging a data center hideout. |
| 218.92.0.209 | China | Jiangsu | Lianyungang | ChinaNet Jiangsu Province Network | 22 | Activity shows a focused attack targeting SSH. The attacker is behind the veil of a VPN. |
| 35.203.211.243 | United Kingdom | England | London | Google LLC | 60441, 31022, 49456, 27036, 9653, 34451, 21620, 32768, 50000, 47830... (1292 more) | Digital footprint reveals a focused approach on a handful of ports, such as 60441, 31022, 49456. The attacker appears to be leveraging a data center hideout. |
| 139.144.239.72 | United States | New Jersey | Cedar Knolls | Akamai Technologies Inc. | 10010, 3263, 501, 1725, 52965, 4001, 20003, 8201, 1051, 43201... (1077 more) | Digital footprint reveals a focused approach on a handful of ports, such as 10010, 3263, 501. The attacker appears to be leveraging a data center hideout. |
| 147.185.133.90 | United States | California | Santa Clara | Palo Alto Networks Inc | 11010, 30468, 10540, 38037, 24531, 9045, 17607, 50013, 30220, 9612... (633 more) | Activity shows a focused approach on a handful of ports, such as 11010, 30468, 10540. The attacker appears to be leveraging a data center hideout. |
| 147.185.133.159 | United States | California | Santa Clara | Palo Alto Networks Inc | 45989, 8087, 47833, 8801, 8846, 9685, 9006, 48768, 47179, 46747... (603 more) | Activity shows a focused approach on a handful of ports, such as 45989, 8087, 47833. The attacker appears to be leveraging a data center hideout. |
| 198.235.24.193 | United States | California | Santa Clara | Palo Alto Networks Inc | 8085, 3050, 8084, 8883, 4016, 21, 51401, 27017, 8445, 2181... (186 more) | Digital footprint reveals a focused approach targeting FTP, MongoDB, and others. The attacker appears to be leveraging a data center hideout. |
| 35.203.210.48 | United Kingdom | England | London | Google LLC | 52592, 9540, 26499, 8808, 8177, 53298, 49168, 554, 48145, 810... (1272 more) | Activity shows a focused approach on a handful of ports, such as 52592, 9540, 26499. The attacker appears to be leveraging a data center hideout. |