Hey, China! Lay off the spam.
Recently, I noticed a comment on a friends Facebook page regarding the number of attempts at accessing the back end of his website which originated from China. I know malcontents hit my site all day long, but why not take a peek?
I jumped into my logs, just to see what the "China threatcon level" is currently. I kept it simple, and only targeted the last 1000 suspicious unique visits. A suspicious visit is one that either attempts an access through a vulnerability (SQL injection, PHP or server vulnerability, etc), or attempts forum/comment spam. I've built some scripts to detect this stuff, and store it in a tracking database for later use, like this reporting.
Of the 1000 visits, 687 hits came from China, with Ukraine coming behind at a distant second place with 95 attempts. Russia is in third place, with only 11 forum spam attempts.
Of note, it's not the entire country of China that is burning up the interwebs. In going through the log files, I've found that there a few Class A netblocks, and a couple Class Bs where the majority of Chinese spam and break-in attempts come from:
- 27.x.x.x
- 110.x.x.x
- 117.26.x.x
- 125.78.x.x
- 72.46.x.x
Just to name a few.
Let's be safe out there, people.
Here is a pie chart, if you're hungry:
About this post
Posted: 2014-11-13
By: dwirch
Viewed: 3,145 times
Categories
General
Webmaster Related
Blog
Attachments
Loading Comments ...
Comments
No comments have been added for this post.
Sorry. Comments are frozen for this article. If you have a question or comment that relates to this article, please post it in the appropriate forum.