Hey, China! Lay off the spam.

Posted On 2014-11-13 by dwirch
Tags: Blog General Webmaster Related 
Views: 2343

Recently, I noticed a comment on a friends Facebook page regarding the number of attempts at accessing the back end of his website which originated from China.  I know malcontents hit my site all day long, but why not take a peek?

I jumped into my logs, just to see what the "China threatcon level" is currently. I kept it simple, and only targeted the last 1000 suspicious unique visits. A suspicious visit is one that either attempts an access through a vulnerability (SQL injection, PHP or server vulnerability, etc), or attempts forum/comment spam.  I've built some scripts to detect this stuff, and store it in a tracking database for later use, like this reporting.

Of the 1000 visits, 687 hits came from China, with Ukraine coming behind at a distant second place with 95 attempts. Russia is in third place, with only 11 forum spam attempts.

Of note, it's not the entire country of China that is burning up the interwebs. In going through the log files, I've found that there a few Class A netblocks, and a couple Class Bs where the majority of Chinese spam and break-in attempts come from:

  • 27.x.x.x
  • 110.x.x.x
  • 117.26.x.x
  • 125.78.x.x
  • 72.46.x.x

Just to name a few.

Let's be safe out there, people.

Here is a pie chart, if you're hungry:

Suspicious Connections by Country of Origin

About the Author

dwirch has posted a total of 189 articles.

Comments On This Post

No comments on this post yet!

Do you have a thought relating to this post? You can post your comment here. If you have an unrelated question, you can use the Q&A section to ask it.

Or you can drop a note to the administrators if you're not sure where you should post.

Your IP address is:

Before you can post, you need to prove you are human. If you log in, this test goes away.

Code Links