Which countries host spam?
-
I’ve combined a list of repeat offenders, spam, SSH attacks as general research. Cross-checked with http://www.stopforumspam.com/
Where does all this spam come from? Is it all proxied? Are some IP ranges the wild west? Are there many botnets being used? These are some questions worth asking.
The chart shows “ranges” where multiple spamming or other abuse has been logged. Thousands of data points have been compressed to about 550 IP ranges susceptible to hosting spammers.
Some of the ranges are particular host services; otherwise they are random IPs from bots or a rogue spammer exploiting a school or someone using their own or someone else’s phone or PC.
Also, note that the USA might have the most, but they have way more connections, so proportionally you’d expect them to be high. The same applies to the China figures, which may be small proportionally for such a large population.
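One way the compression from logged IPs to ranges described above could be done, as an added example that is not part of the original post and is not the poster's code. The function name `abusive_ranges`, the /24 bucket size and the threshold of two distinct hosts are assumptions, and the sample events are constructed from reserved test address blocks.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log of (source IP, abuse type). Addresses are from the
# reserved documentation/benchmark blocks, not real offenders.
SAMPLE_EVENTS = [
    ("198.18.0.5", "spam"), ("198.18.0.9", "ssh"),
    ("198.18.1.20", "spam"), ("198.18.1.21", "spam"), ("198.18.1.20", "ssh"),
    ("192.0.2.10", "spam"), ("192.0.2.10", "ssh"),   # one host, repeated
    ("203.0.113.4", "spam"), ("203.0.113.200", "ssh"),
    ("not-an-ip", "spam"),                            # malformed log field
]

def abusive_ranges(events, prefix=24, min_hosts=2):
    """Bucket IPv4 sources into /prefix networks, keep buckets with at least
    min_hosts distinct offenders, and merge adjacent buckets."""
    hosts = defaultdict(set)
    for ip, _kind in events:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                      # skip unparsable entries
        if addr.version != 4:
            continue                      # IPv6 needs a different prefix length
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        hosts[net].add(addr)
    flagged = [net for net, seen in hosts.items() if len(seen) >= min_hosts]
    # collapse_addresses only merges exact neighbours; it never widens coverage.
    return list(ipaddress.collapse_addresses(flagged))

if __name__ == "__main__":
    for net in abusive_ranges(SAMPLE_EVENTS):
        print(net, net.num_addresses)
```

The /24 bucket itself covers neighbours that never appeared in the log, so a flagged range is a lead to check against the allocation record before blocking, not proof that every address in it is abusive.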
-
@wrapper said:
I’ve combined a list of repeat offenders, spam, SSH attacks as general research. Cross-checked with http://www.stopforumspam.com/
Where does all this spam come from? Is it all proxied? Are some IP ranges the wild west? Are there many botnets being used? These are some questions worth asking.
The chart shows “ranges” where multiple spamming or other abuse has been logged. Thousands of data points have been compressed to about 550 IP ranges susceptible to hosting spammers.
Some of the ranges are particular host services; otherwise they are random IPs from bots or a rogue spammer exploiting a school or someone using their own or someone else’s phone or PC.
Also, note that the USA might have the most, but they have way more connections, so proportionally you’d expect them to be high. The same applies to the China figures, which may be small proportionally for such a large population.
https://cloud.githubusercontent.com/assets/4609536/12433055/cdeca080-bef6-11e5-8e9b-d3e81a7a83b3.jpg
Czechoslovakia? Seriously?
-
Thanks for the spell checking, but copying the error sort of defeats the point. I’ve pushed a fix to your issue to GitHub.
-
Verizon Routing Millions of IP Addresses for Cybercrime Gangs
Over the past few years, spammers have sought out large ranges of IP addresses.
By spreading out their sending patterns across a wide range of IP addresses, they can attempt to defeat spam filters and get spam and malware emails delivered where they are not wanted.
However, IPv4 addresses are getting scarce and hard to come by. In fact, as of September 2015, the Internet Registry ARIN (American Registry for Internet Numbers) allocated the final block of IPv4 addresses from its free pool.
Because spammers can’t easily obtain new IP addresses through legitimate means, they frequently resort to stealing IP address blocks that are dormant and aren’t being utilized by the rightful owners.
There is a thriving black market in IP addresses; spammers don’t care whether the source of their IP addresses is legitimate or even legal. A cybercriminal that can steal a large IP address block (for example, a /16 or 65,536 IP addresses) can generate thousands of dollars per month.
For cybercriminals to make use of their stolen blocks, however, a crucial step is to find an Internet Service Provider (ISP) or network with the ability to route these IP addresses to the rest of the Internet by using an autonomous system number (ASN).
Also crucial is finding an ISP who won’t look too closely at the highly suspicious routing request. To get the routes to their stolen IP addresses announced, criminals will present forged authorization documents (which constitutes felony wire fraud under U.S. law).
-
Researchers have discovered multiple botnets (January 27, 2016)
In 2014, law enforcement agencies revealed that they had disrupted a Russian botnet that targeted personal bank accounts and stole $100 million.
Ben-Gurion University of the Negev cyber security researchers have discovered and traced approximately six botnets by analyzing data collected from past cyber attacks. The research was conducted at Deutsche Telekom Innovation Labs@BGU and was announced at Cybertech 2016 in Tel Aviv today.
Botnets are networks of malicious, remotely updatable code that covertly lurk on infected computers. Using botnets, which until now were largely untraceable, hackers and cyber criminals can carry out powerful attacks, spread viruses, generate spam, and commit other types of online crime.
http://phys.org/news/2016-01-multiple-botnets.html
Know your Enemy: Tracking Botnets: Using honeynets to learn more about Bots