The paper presents the results of data analysis from a geographically distributed network of honeypot servers. A network of 4 honeypot servers was deployed more than two years ago. Analysis of the collected data has allowed us to build a network intrusion model. This model includes blacklists of attacking addresses for various internet services, statistics on the intensity of everyday intrusion attempts and an analysis of attacking addresses as belonging to providers of various countries. Special mention should be made of the ranked lists of major vulnerabilities that attackers use to attempt to break content management systems.