Attacks on Newly Registered Content Management Websites – A Comparison

Volume 6, Issue 6
Marko Niinimaki, John Lawrence, Kitichai Chanyalikit, Veli Pajula
Published online: 28 February 2020

Abstract
This paper aims to study the case of hacker/intrusion activities on Content Management System (CMS) websites. CMSs are tools for creating and maintaining commercial-quality websites. Their popularity has increased, but so have their complexity and the number of third-party modules, both of which increase the risk of vulnerabilities. The current study investigates how much of the incoming traffic could be potentially malicious and where it originates. Additionally, we study whether sites based on different CMS software attract different kinds of traffic. Three virtual websites (running on the same computer) were registered and launched to implement this study. Each site ran its own popular CMS software, but the content was identical (a weblog with a simple template). The sites ran for six months on the platform of a commercial web hosting provider. This study is empirical in nature, and the analysis is based on logging every HTTP request that was sent to the sites. This was done using the logging capabilities of the Apache web server software. The sites were compared with each other, with an established website, and with an empty website. Our analysis shows that more than 90% of all traffic to the websites (both old and new) is potentially malicious. The results highlight that a large majority of the intrusion attempts are very unsophisticated: they do not try to exploit any specific vulnerabilities of the underlying CMS. Therefore, keeping the CMS up-to-date and following CMS hardening practices is enough to repel these attacks.
To Cite this article
M. Niinimaki, J. Lawrence, K. Chanyalikit, and V. Pajula, “Attacks on newly registered content management websites – A comparison,” International Journal of Technology and Engineering Studies, vol. 6, no. 1, pp. 1–7, 2020. doi: https://dx.doi.org/10.20469/ijtes.6.10001-1