Skip to Main Content
The widespread use of Web applications, in conjunction with large number of vulnerabilities, makes them very attractive targets for malicious attackers. The increasing popularity of Web 2.0 applications, such as blogs, wikis, and social sites, makes Web servers even more attractive targets. In this paper we present empirical analysis of attackers activities based on data collected by two high-interaction honeypots which have typical three-tier architectures and include Web 2.0 applications. The contributions of our work include in-depth characterization of different types of malicious activities aimed at Web servers that deploy blog and wiki applications, as well as formal inferential statistical analysis of the malicious Web sessions.