Hackers – Were are located the “web rats” ?
Here is below an analysis performed in July and August 2015 (when we had time for this).
If you are a webmaster, your probaly noticed that your website is repeadedly attacked by various Viagra sellers, porno promoters and other “web rats”, trying to use your server as a Spam relay.
We were curious to see where these intrusions attempts come from. So we developped a set of PHP scripts to collect what comes in our log files, and this it what it gives.
Important remark: This is based on Apache logs on our server, and it does not mean that any of the above companies are doing voluntar piracy. They just probably have one or several “web rats” using abusivly one of their computers. Until now, every “abuse” service contacted in these companies replied quickly and politly (except one).
| 32 Autonomous Systems |
| ASN | Owner name | Owner description | Country code | Number of hacks |
|---|---|---|---|---|
| 7 939 | ||||
| AS24940 | Hetzner Online GmbH | DE | 3 023 | |
| AS26496 | GoDaddy.com, LLC (GODAD) | AS26496 | US | 1 294 |
| AS15895 | Kyivstar GSM | Ukrainian mobile phone operator | UA | 339 |
| AS14618 | Amazon Technologies Inc. (AT-88-Z) | Amazon EC2 Network Operations | US | 218 |
| AS3595 | GNAXNET-AS – Global Net Access, LLC,US | GNAXNET-AS – Global Net Access, LLC,US | US | 211 |
| AS46661 | Illuminated Hosting Service, LLC | Illuminated Hosting Service, LLC | US | 194 |
| AS47814 | Stream Networks, DHCP Riga | Stream Networks | LV | 145 |
| AS46606 | Unified Layer | Unified Layer | US | 136 |
| AS28573 | Net Serviços de Comunicação S.A. | Grupo de Seguran�da Informa� V�ua | BR | 133 |
| AS16276 | OVH OVH SAS,FR | OVH OVH SAS,FR | FR | 124 |
| AS197695 | Reg.Ru Hosting | Reg.Ru Network Operations | RU | 37 |
| AS25535 | RU-NIC NOC | RU-NIC is a hosting and technical support organization | RU | 29 |
| AS34876 | SMART SISTEMZ TECHNOLOJI | Smart Systems Technology IP range | AZ | 27 |
| AS48716 | PS Internet Company LLC | KZ | 25 | |
| AS6697 | HOSTER.BY | Reliable Software, Inc. | BY | 23 |
| AS8167 | Brasil Telecom S/A – Filial Distrito Federal | Brasil Telecom S. A. – CNBRT | BR | 10 |
| AS8560 | 1&1 Internet Inc. | 1&1 Internet Inc. | US | 9 |
| AS9931 | CAT TELECOM Data Comm. Dept, IDC Office | CAT-AP The Communication Authoity of Thailand, CAT,TH | TH | 7 |
| AS30902 | Neda Network | Pars Data | IR | 6 |
| AS13188 | TRIOLAN | Evgeniy V Kolesnikov | UA | 4 |
| AS38365 | Baidu | Beijing Baidu Netcom Science and Technology Co., Ltd. | CN | 3 |
| AS20738 | Heart Internet | Webfusion Internet Solutions,GB | GB | 2 |
| AS9891 | CS LOXINFO PUBLIC COMPANY LIMITED | CS LOXINFO PUBLIC COMPANY LIMITED | TH | 2 |
| AS4323 | tw telecom holdings, inc. | TWTC – tw telecom holdings, inc.,US | US | 2 |
| AS44050 | ToussaintDesaulniers-net | ToussaintDesaulniers-net | RU | 2 |
| AS38283 | CHINANET Sichuan province network | CHINANET Sichuan province network | CN | 2 |
| AS47583 | HOSTINGER US | HOSTINGER US | US | 1 |
| AS29169 | GANDI | Gandi | FR | 1 |
| AS13489 | EPM Telecomunicaciones S.A. E.S.P. | EPM Telecomunicaciones S.A. E.S.P. | CO | 1 |
| AS47544 | ECENTER SP. Z O.O. | ECENTER SP. Z O.O. | PL | 1 |
| AS30633 | Leaseweb USA, Inc. (LU) | Leaseweb USA, Inc. (LU) | US | 1 |
| Total number of hacks | 13 951 | |||
Then if we compute a total by country, surprisingly a majority of hacks are coming from USA, Deutschland and France:
| 29 countries |
| Country name | Country code | Number of hacks |
|---|---|---|
| 8 267 | ||
| United States | US | 3 106 |
| Deutschland | DE | 3 023 |
| France | FR | 474 |
| Ukraine | UA | 343 |
| Latvia | LV | 145 |
| Brazil | BR | 143 |
| United Kingdom | GB | 139 |
| Russian Federation | RU | 126 |
| Netherlands | NL | 87 |
| Czech Republic | CZ | 81 |
| South Africa | ZA | 79 |
| Hungary | HU | 76 |
| Canada | CA | 52 |
| Italy | IT | 47 |
| Thailand | TH | 38 |
| Kazakhstan | KZ | 35 |
| Belarus | BY | 31 |
| Azerbaijan | AZ | 27 |
| Sweden | SE | 23 |
| Japan | JP | 13 |
| Australia | AU | 10 |
| Iran | IR | 8 |
| China | CN | 6 |
| Bulgaria | BG | 3 |
| Spain | ES | 2 |
| Poland | PL | 2 |
| Hong Kong | HK | 1 |
| Colombia | CO | 1 |
| Total number of hacks | 16 388 | |
sungrist_bible
What is it possible to do with these spamers like zrus that use your webiste to get into the porn sites?
admin
Hi,
I did not find time to investigate some more. Using “WordPress” to build my web sites, with security plugins like “Ithemes Security” seems to protects quite well. It’s important to keep all that software up to date (I ckeck once a week) and of course make backups every day.
It miss a world cyber police, I think…
I took a look at your website bout Bible, interesting..
Regards,
JFR