14 DAY TRIAL // Trustwave’s SpiderLabs issued a Honeypot Alert after uncovering a number of 3,675 local file Inclusion (LFI) attacks coming from Brazilian domains.
Experts reveal that the attacks attempted to access windowswin.ini and boot.ini by using directory traversals.
The attacks were identified when the company’s IP Reputation Blacklist jumped to 2,339 from the 500-800 IP addresses that are normally recorded each day.
The list of domains used in the attack is fairly large and Trustwave researchers advise web application owners to implement some GeoIP rules to block off any requests coming from Brazil. Of course, this mitigation method is valid only for apps that don’t have any customers in the country.
It’s uncertain at this point if the attacks were focused on a certain geographical location or if they were spread out, but web application administrators should be on the lookout.
Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile.