Most visits to a login page are made by malicious tools
Posted on 06 November 2013.
Incapsula surveyed 1,000 websites over a 90-day period, during which we recorded over 1.4 million unauthenticated access attempts and 20,376 authenticated logins.

Their data shows that 2.8% of the unauthenticated attempts were made by human visitors. This suggests that most of these should be attributed to “human error” (e.g., typing the wrong password) and to the initial one-time 2FA activation process.


The numbers also show that another 1.8% of the unauthenticated visits were made by benevolent bots (e.g., search engines, legitimate crawlers, RSS readers, etc.) whose numbers would certainly be much higher, if not for the common practice of blocking the login URLs using the robots.txt file.

The remaining 94.1% of the visits were made by malicious automated tools - the kinds that are used to discover and exploit password-related security holes. Simply put, this means that on average 15 of every 16 visitors to your login page have ill attentions in mind.


The seemingly high ratio of malicious visits is, in fact, all but expected - especially considering the recent waves of large-scale Brute Force attacks and the overall increase in APT events and other password-related hacks.

That connection becomes even more evident from looking at the trending reports. For example, while observing the timeline of blocked attempts, it is easy to spot a distinct correlation between the steep increase in number of malicious access attempts and the reports about the Fort Disco attack, which surfaced throughout August and September.





Spotlight

The context-aware security lifecycle and the cloud

Posted on 25 November 2014.  |  Ofer Wolf, CEO at Sentrix, explains the role of the context-aware security lifecycle and illustrates how the cloud is shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Nov 26th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //