Internal Report on Recent Internet Attacks Targeting isab.run

Introduction

This report analyzes the recent internet attacks targeting isab.run: their origin, type, and frequency, and their impact on the website's performance and security. It also recommends measures to mitigate the attacks and improve the website's overall security.

Background

On January 25th, 2023, isab.run experienced a series of internet attacks originating from various countries, including the United States, Russia, China, France, and Germany, among others. The attacks were primarily of two types: Hosting Enquiries and JS Enquiries. Hosting Enquiries are attacks that attempt to exploit vulnerabilities in the web hosting infrastructure, while JS Enquiries are attacks that target the website's JavaScript code. The attacks were primarily launched by automated programs, which made a high frequency of requests to the website within a short period of time.

Analysis

The data shows that the majority of the attacks originated from the United States and Russia, with a total of 13 attacks from the United States and 10 attacks from Russia. As noted in the Background, the attacks were primarily launched by automated programs making a high frequency of requests within a short period of time. They had a significant impact on the website's performance, causing slow loading times and increased server load. They also attempted to exploit vulnerabilities in the web hosting infrastructure, potentially compromising the website's security.

Mitigation

To mitigate the attacks, we recommend the following measures:

  1. Implement a Web Application Firewall (WAF) to block malicious traffic and prevent attacks from reaching the website's servers.
  2. Enable Cloudflare's IP Firewall to block known malicious IPs and protect against future attacks.
  3. Implement rate-limiting to limit the number of requests that can be made to the website in a given period of time, reducing the impact of DDoS attacks.
  4. Regularly monitor the website's server logs and network traffic for signs of attacks, and take appropriate action to block malicious traffic.
  5. Keep the website's software and plugins up-to-date to ensure that known vulnerabilities are patched and the website is protected against known attack vectors.
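
One way to combine measures 3 and 4, as an added example that is not part of the original report: a sliding-window counter over access-log lines that flags clients exceeding a request limit. The common log format, the limit of 20 requests per 60 seconds, the function names, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common log format prefix: client address, then the bracketed timestamp.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')

def parse_line(line):
    """Return (ip, timestamp), or None for a line that is not an access-log entry."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None

def find_bursts(lines, limit=20, window_s=60):
    """Map each client that exceeded `limit` requests in any `window_s`-second
    sliding window to its peak count. Assumes each client's lines are in time order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip malformed lines instead of aborting the scan
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop requests that have aged out of the window
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample lines; addresses come from documentation ranges."""
    start = datetime(2023, 1, 25, 10, 0, 0, tzinfo=timezone.utc)
    def entry(ip, offset_s, path):
        ts = (start + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    lines = [entry("192.0.2.10", i, "/app.js") for i in range(45)]   # 45 requests in 45 s
    lines += [entry("198.51.100.7", i * 30, "/") for i in range(10)]  # one request per 30 s
    lines.append("truncated or malformed line")
    return lines

if __name__ == "__main__":
    for ip, peak in find_bursts(sample_log()).items():
        print(f"{ip}: peak {peak} requests in 60 s, candidate for rate limiting or blocking")
```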

Conclusion

The recent internet attacks targeting isab.run were launched primarily by automated programs and originated mostly from the United States and Russia. The attacks had a significant impact on the website's performance and attempted to exploit vulnerabilities in the web hosting infrastructure. To mitigate the attacks, we recommend a combination of security measures, including a WAF, IP Firewall, rate-limiting, and regular monitoring of the website's server logs and network traffic. By implementing these measures, we can improve the website's overall security and protect against future attacks.

Attached to this report are figures and tables showing the data discussed above, including the frequency, origin, type, and impact of the attacks, among other details.