Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: Collaborative 404 Error Page Reporting - Internet Security | DShield Collaborative 404 Error Page Reporting


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Summary

The 404Project collects "Page Not Found" errors from web servers. To particiapte, use our Raspberry Pi Honeypot, or add one of the code snippets below to your custom 404 error page.

We started the project to find an easy way to look at web application attack trends. Attackers often search for vulnerable applications, and in the process generate 404 errors on sites that do not use these applications. The error logs give us an insight into what vulnerabilities attackers attempt to exploit.

Current Reports

You must have an ISC Portal ID and API Key to use this tool. Once logged in and submitting data, you can view your 404 summary information. Jump to the Instructions to get started!

The following fields are collected in addition to being stored with the date, time and your credentials:

  • Full request URL including parameters ($_SERVER['REQUEST_URI'])
  • Client IP address ($_SERVER['REMOTE_ADDR'])
  • Client User-Agent ($_SERVER['HTTP_USER_AGENT'])

Optionally you can mask an IP for privacy or legal concerns. Mask ranges from 0xff000000/8 to no mask 0xffffffff/32 can be applied.

Please contact us with feedback or if you experience and trouble or need further assistance setting this up.

Instructions

  1. Sign Up for an ISC account or, if you are currently a member, login and visit My Account then go to the next step
  2. Note your userID number in the right column under "Logged in as:" on My Account
  3. Note your "Your Authentication Key:" in section My Account
  4. Paste this PHP code snippet into your 404 error page
  5. In the code, update [Your ISC ID] and [Your Authentication Key] with the info you noted from My Account

Alternative Languages

    Python
  • Steve Milner posted a Python port [1] of the code. SHA1SUM: 12394939d264d7c10531f781b9184dfd2d1435c1
    .NET
  • Joseph Faust created a .NET port [1] of the code.

[1] Indicates code not developed or maintained by the Internet Storm Center. Please evaluate carefully and contact the developer directly for support.