/naxsi - stats

## naxsi - stats

# 30-days - Naxsi-Stats (3 sensors, 10 domains)
# 2014-04-14

count | id       |  message
------+----------+-----------------------------
1880   1000       sql keywords
1721   1200       double dot
1646   1202       obvious probe
1420   10         10
1332   1310       [, possible js
1332   1311       ], possible js
1229   42000030   DN WEB_SERVER /proc/self - Access in URI
1028   42000316   DN SCAN WinHttpRequest - UA
1000   1100       http:// scheme
773    1001       double quote
746    1002       0x, possible hex encoding
741    1007       mysql comment (--)
739    1013       simple quote
655    1205       backslash
598    1016       mysql comment (#)
582    42000244   DN SCAN PHPMyAdmin - Scanner (2)
431    1303       html close tag
420    42000170   DN SCAN Scanner sqlmap
404    42000062   DN WEB_SERVER Generic JOOMLA-Exploit-Attempt (option=com_)
394    42000309   DN SCAN Misformed Proxy-Scan
379    1302       html open tag
291    42000261   DN WEB_SERVER possible WP-Scan (wp-login)
179    1009       equal in var, probable sql/xss
153    1314       grave accent !
148    42000313   DN SCAN Joomlas Administrator-Login-Attempt
131    42000317   DN SCAN Wordpress-UA, probably Botnet-Attack
112    12         12
97     42000262   DN WEB_SERVER possible WP-Scan (wp-admin)
94     11         11
76     42000310   DN SCAN Abnormal double http:// in HTTP header,
71     42000243   DN SCAN PHPMyAdmin - Scanner
64     1006       mysql keyword (&&)
60     42000047   DN WEB_SERVER PHPMyAdmin - Scripts/Setup-Request
60     42000071   DN WEB_APPS PHPMYADMIN setup.php - Access
56     1312       ~ character
44     42000311   DN SCAN poss. malicious Scanner using Fake UA Apache/Synapse
31     42000254   DN WEB_SERVER possible INI - File - Access
30     42000227   DN SCAN Scanner ZmEu exploit scanner
30     42000285   DN WEB_SERVER Joomla JCE-Exploit-Scan
28     1402       Content is neither mulipart/x-www-form..
26     1003       mysql comment (/*)
26     42000305   DN SCAN Possible HNAP-Exploit-Attempt
25     2            2
22     42000021   DN WEB_SERVER Tilde in URI, potential .php source disclosure vulnerability
22     42000271   DN WEB_SERVER ForumSpammer Access
22     42000319   DN SCAN Possible WHMCS - Scan
21     42000181   DN SCAN Scanner webster pro
20     42000128   DN SCAN Nessus-Scanner detected
19     1315       double encoding !
19     42000048   DN WEB_SERVER PHPINFO - in URL
18     1103       php:// scheme
17     14         14
13     42000203   DN SCAN Scanner Paros Proxy Scanner
13     42000321   DN SCAN probably Malicous UA
12     42000077   DN WEB_SERVER LIBWWW_perl-UA detected
12     42000307   DN SCAN WP-Contents/Plugins Access
8      42000082   DN WEB_SERVER Tomcat - Manager - Access
8      42000253   DN WEB_SERVER possible INC - File - Access
7      42000046   DN SCAN DFind w00tw00t GET-Requests
7      42000052   DN WEB_SERVER SVN_Repo-Access
7      42000070   DN WEB_SERVER possible sql-injection (CAST())
7      42000236   DN WEB_SERVER DoubleDot in URL
7      42000263   DN WEB_SERVER .htaccess - Access
6      1004       mysql comment (*/)
5      1010       parenthesis, probable sql/xss
5      42000002   DN APP_SERVER PHP-file-access
5      42000076   DN SCAN VTI_BIN - Access
4      42000054   DN WEB_SERVER HEX_string found
4      42000068   DN WEB_SERVER JAR - Download Request
4      42000156   DN SCAN Scanner safexplorer
3      42000003   DN APP_SERVER ASP_file access
3      42000043   DN SCAN WhatWeb Web Application Fingerprint Scanner Default User-Agent Detected
3      42000073   DN SCAN Python-urllib UA, possible Scanner
3      42000127   DN SCAN Scanner Amiga-Aweb
3      42000151   DN SCAN Scanner whatweb
2      1005       mysql keyword (|)
2      1101       https:// scheme
2      42000053   DN WEB_SERVER GIT_Repo-Access
2      42000079   DN WEB_SERVER VTI_RPC - Access
2      42000080   DN WEB_SERVER Apache ServerStatus - Access
2      42000145   DN SCAN Scanner morfeus
2      42000265   DN WEB_SERVER Plesk Apache Zeroday Remote Exploit - possible scan
2      42000306   DN SCAN Morfeus - F*cking-Scanner
1      1400       utf7/8 encoding
1      42000031   DN SCAN Muieblackcat scanner
1      42000032   DN WEB_SERVER PHP-EVAL - Attempt
1      42000049   DN WEB_SERVER PHP_SYSTEM_CMD
1      42000226   DN SCAN Scanner WITOOL SQL Injection Scan

	# 30-days - Naxsi-Stats (3 sensors, 10 domains)
	# 2014-04-14

	count \| id \| message
	------+----------+-----------------------------
	1880 1000 sql keywords
	1721 1200 double dot
	1646 1202 obvious probe
	1420 10 10
	1332 1310 [, possible js
	1332 1311 ], possible js
	1229 42000030 DN WEB_SERVER /proc/self - Access in URI
	1028 42000316 DN SCAN WinHttpRequest - UA
	1000 1100 http:// scheme
	773 1001 double quote
	746 1002 0x, possible hex encoding
	741 1007 mysql comment (--)
	739 1013 simple quote
	655 1205 backslash
	598 1016 mysql comment (#)
	582 42000244 DN SCAN PHPMyAdmin - Scanner (2)
	431 1303 html close tag
	420 42000170 DN SCAN Scanner sqlmap
	404 42000062 DN WEB_SERVER Generic JOOMLA-Exploit-Attempt (option=com_)
	394 42000309 DN SCAN Misformed Proxy-Scan
	379 1302 html open tag
	291 42000261 DN WEB_SERVER possible WP-Scan (wp-login)
	179 1009 equal in var, probable sql/xss
	153 1314 grave accent !
	148 42000313 DN SCAN Joomlas Administrator-Login-Attempt
	131 42000317 DN SCAN Wordpress-UA, probably Botnet-Attack
	112 12 12
	97 42000262 DN WEB_SERVER possible WP-Scan (wp-admin)
	94 11 11
	76 42000310 DN SCAN Abnormal double http:// in HTTP header,
	71 42000243 DN SCAN PHPMyAdmin - Scanner
	64 1006 mysql keyword (&&)
	60 42000047 DN WEB_SERVER PHPMyAdmin - Scripts/Setup-Request
	60 42000071 DN WEB_APPS PHPMYADMIN setup.php - Access
	56 1312 ~ character
	44 42000311 DN SCAN poss. malicious Scanner using Fake UA Apache/Synapse
	31 42000254 DN WEB_SERVER possible INI - File - Access
	30 42000227 DN SCAN Scanner ZmEu exploit scanner
	30 42000285 DN WEB_SERVER Joomla JCE-Exploit-Scan
	28 1402 Content is neither mulipart/x-www-form..
	26 1003 mysql comment (/*)
	26 42000305 DN SCAN Possible HNAP-Exploit-Attempt
	25 2 2
	22 42000021 DN WEB_SERVER Tilde in URI, potential .php source disclosure vulnerability
	22 42000271 DN WEB_SERVER ForumSpammer Access
	22 42000319 DN SCAN Possible WHMCS - Scan
	21 42000181 DN SCAN Scanner webster pro
	20 42000128 DN SCAN Nessus-Scanner detected
	19 1315 double encoding !
	19 42000048 DN WEB_SERVER PHPINFO - in URL
	18 1103 php:// scheme
	17 14 14
	13 42000203 DN SCAN Scanner Paros Proxy Scanner
	13 42000321 DN SCAN probably Malicous UA
	12 42000077 DN WEB_SERVER LIBWWW_perl-UA detected
	12 42000307 DN SCAN WP-Contents/Plugins Access
	8 42000082 DN WEB_SERVER Tomcat - Manager - Access
	8 42000253 DN WEB_SERVER possible INC - File - Access
	7 42000046 DN SCAN DFind w00tw00t GET-Requests
	7 42000052 DN WEB_SERVER SVN_Repo-Access
	7 42000070 DN WEB_SERVER possible sql-injection (CAST())
	7 42000236 DN WEB_SERVER DoubleDot in URL
	7 42000263 DN WEB_SERVER .htaccess - Access
	6 1004 mysql comment (*/)
	5 1010 parenthesis, probable sql/xss
	5 42000002 DN APP_SERVER PHP-file-access
	5 42000076 DN SCAN VTI_BIN - Access
	4 42000054 DN WEB_SERVER HEX_string found
	4 42000068 DN WEB_SERVER JAR - Download Request
	4 42000156 DN SCAN Scanner safexplorer
	3 42000003 DN APP_SERVER ASP_file access
	3 42000043 DN SCAN WhatWeb Web Application Fingerprint Scanner Default User-Agent Detected
	3 42000073 DN SCAN Python-urllib UA, possible Scanner
	3 42000127 DN SCAN Scanner Amiga-Aweb
	3 42000151 DN SCAN Scanner whatweb
	2 1005 mysql keyword (\|)
	2 1101 https:// scheme
	2 42000053 DN WEB_SERVER GIT_Repo-Access
	2 42000079 DN WEB_SERVER VTI_RPC - Access
	2 42000080 DN WEB_SERVER Apache ServerStatus - Access
	2 42000145 DN SCAN Scanner morfeus
	2 42000265 DN WEB_SERVER Plesk Apache Zeroday Remote Exploit - possible scan
	2 42000306 DN SCAN Morfeus - F*cking-Scanner
	1 1400 utf7/8 encoding
	1 42000031 DN SCAN Muieblackcat scanner
	1 42000032 DN WEB_SERVER PHP-EVAL - Attempt
	1 42000049 DN WEB_SERVER PHP_SYSTEM_CMD
	1 42000226 DN SCAN Scanner WITOOL SQL Injection Scan