Creating a Threat Feed with Splunk

Posted in Security Stuffs

I operate (loosely) a couple of small websites. None of them make any money, but all of them seem to get attacked on a fairly regular basis. Of course, I keep track of the attacks in Splunk so I can make pretty graphs and such, but I’ve not been using the data to its fullest potential. This is something I’ve been meaning to build for a while, but have just recently gotten around to doing. With that, I introduce the Spork Threat Feed. *applause* The world really needs another threat feed? […]

Thanks for the Heads Up

Posted in Attack of the Day

While cleaning out some junk logs and double-checking things for a different project I’m currently working on, I stumbled across this in the long list of thrown-away traffic:

GET /Ringing.at.your.dorbell! HTTP/1.0
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Cookie: Greetz to M, st0n3d, Jorgee, CoLdZeRo, and Tomato lol!
Referer: http://google.com/search?q=2+guys+1+horse
User-Agent: CVE-2014-6271 😉
Test: Still a lot of these at 2015! haha! ‘tangina!
X-Forwarded-For: 174.36.209.208

By itself, kind of funny for a number of reasons. I thought it was very kind of them to announce their presence AND give me 3 […]