SiliconAngle reports that over 240,000 hosts are being identified by a Shodan search to be Confluence servers even though the total number of internet-exposed Confluence servers is only about 4,000. Such a discrepancy signifies the excessive number of Confluence honeypots, or decoy systems made to impersonate legitimate software in a bid to attract threat actors, which could result in the overestimation of possible risks facing Confluence servers, a report from VulnCheck showed.
Source: SC Magazine