fortypoundhead.com

Hey, China! Lay off the spam.

Posted On 2014-11-13 by dwirch
Keywords:
Tags: Blog General Webmaster Related 
Views: 1794


Recently, I noticed a comment on a friends Facebook page regarding the number of attempts at accessing the back end of his website which originated from China.  I know malcontents hit my site all day long, but why not take a peek?

I jumped into my logs, just to see what the "China threatcon level" is currently. I kept it simple, and only targeted the last 1000 suspicious unique visits. A suspicious visit is one that either attempts an access through a vulnerability (SQL injection, PHP or server vulnerability, etc), or attempts forum/comment spam.  I've built some scripts to detect this stuff, and store it in a tracking database for later use, like this reporting.

Of the 1000 visits, 687 hits came from China, with Ukraine coming behind at a distant second place with 95 attempts. Russia is in third place, with only 11 forum spam attempts.

Of note, it's not the entire country of China that is burning up the interwebs. In going through the log files, I've found that there a few Class A netblocks, and a couple Class Bs where the majority of Chinese spam and break-in attempts come from:

  • 27.x.x.x
  • 110.x.x.x
  • 117.26.x.x
  • 125.78.x.x
  • 72.46.x.x

Just to name a few.

Let's be safe out there, people.

Here is a pie chart, if you're hungry:

Suspicious Connections by Country of Origin


About the Author

dwirch has posted a total of 174 articles.

You can find more information from dwirch by visiting http://www.derekwirch.com.


Comments On This Post

No comments on this post yet!


Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.


Your IP address is:54.156.39.44

Before you can post, you need to prove you are human. If you log in, this test goes away.



Recent Forum Posts

New security implemented
dwirch posted on July 23, 2017 at about 6:58 in Site News

Fold Code Manager into main KB?
VB6Boy posted on July 22, 2017 at about 14:42 in Site News

Fold Code Manager into main KB?
dwirch posted on July 22, 2017 at about 14:41 in Site News

Fold Code Manager into main KB?
dwirch posted on July 21, 2017 at about 22:46 in Site News

Fold Code Manager into main KB?
dwirch posted on July 20, 2017 at about 7:55 in Site News

Job Spammer: Sam Mallon
dwirch posted on July 18, 2017 at about 18:36 in Spammers