Hey, China! Lay off the spam.

By | 2014-11-13

Recently, I noticed a comment on a friends Facebook page regarding the number of attempts at accessing the back end of his website which originated from China.  I know malcontents hit my site all day long, but why not take a peek?

I jumped into my logs, just to see what the “China threatcon level” is currently. I kept it simple, and only targeted the last 1000 suspicious unique visits. A suspicious visit is one that either attempts an access through a vulnerability (SQL injection, PHP or server vulnerability, etc), or attempts forum/comment spam.  I’ve built some scripts to detect this stuff, and store it in a tracking database for later use, like this reporting.

Of the 1000 visits, 687 hits came from China, with Ukraine coming behind at a distant second place with 95 attempts. Russia is in third place, with only 11 forum spam attempts.

Of note, it’s not the entire country of China that is burning up the interwebs. In going through the log files, I’ve found that there a few Class A netblocks, and a couple Class Bs where the majority of Chinese spam and break-in attempts come from:

  • 27.x.x.x
  • 110.x.x.x
  • 117.26.x.x
  • 125.78.x.x
  • 72.46.x.x

Just to name a few.

Let’s be safe out there, people.

Here is a pie chart, if you’re hungry:

Spammer Chart

About this post

Posted: 2014-11-13
By: dwirch
Viewed: 3,147 times

Categories

General

Webmaster Related

Blog

Attachments

No attachments for this post

Add Attachment

Author: dwirch

Derek Wirch is a seasoned IT professional with an impressive career dating back to 1986. He brings a wealth of knowledge and hands-on experience that is invaluable to those embarking on their journey in the tech industry.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.