Honeypot

Security Dashboard

Static snapshot

I pointed a web server at the public internet and logged every request. Within hours, automated bots started probing for exploits. Below is what 59 days of unsolicited traffic looks like: 29.7k attack probes from 2.9k unique IPs, scanning 4.0k distinct paths.

29.7kattack probes
2.9kunique IPs
4.0kdistinct paths
504avg/day

Requests per day

2026-01-272026-03-26

HTTP methods

GET (35.6k)POST (1.7k)HEAD (79)OPTIONS (69)PROPFIND (159)

Attack categories

PHPUnit RCE6.9k
PHP Webshell Scan4.7k
Environment File Leak3.5k
Config File Leak1.6k
Admin Panel Discovery1.6k
WordPress Exploits1.4k
Version Control Leak502
CGI Path Traversal437
Docker API Exposure424
PHP Remote File Include410
ThinkPHP RCE358
Recon / Fingerprinting268
Database Admin Probes21
Other7.6k

Top probed paths

access.log analysis
  228 /.env
  221 /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
  211 /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh
  209 /robots.txt
  208 /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
  202 /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
  200 /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  199 /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
  196 /vendor/phpunit/src/Util/PHP/eval-stdin.php
  194 /vendor/phpunit/Util/PHP/eval-stdin.php
  192 /vendor/phpunit/phpunit/LICENSE/eval-stdin.php
  192 /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  192 /phpunit/phpunit/src/Util/PHP/eval-stdin.php
  191 /phpunit/phpunit/Util/PHP/eval-stdin.php
  191 /phpunit/src/Util/PHP/eval-stdin.php
  190 /phpunit/Util/PHP/eval-stdin.php
  189 /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
  188 /lib/phpunit/phpunit/Util/PHP/eval-stdin.php
  187 /lib/phpunit/src/Util/PHP/eval-stdin.php
  186 /lib/phpunit/Util/PHP/eval-stdin.php