Large Botnet Attack

I wrote this script so that I could quickly and effortlessly visualize some of the stats from my webserver logs on the fly. The reason was that I had noticed a huge influx of comment-spam attempts on my personal blog, this blog, and the Nashville Metblog.

I have access to the logs on the first two, and it was obvious from casual inspection that each attempt was coming from a different IP and network, i.e., from a botnet. I suspected that the spam influx on all these hosts was from the same botnet, and it appears that I was right. Out of 3-400 unique IP addresses making the spam attempts on those first two sites, around 200 of them had hit both servers. And lest there be any doubt, compare these two graphs of the comment-spam attempts per hour:

[Graph: centresource spam attempts per hour]

[Graph: quietlife spam attempts per hour]

Note the same spikes, where you can see the botnet being flipped on and off. The volume of spam here relative to comment-spam spikes I’ve seen in the past is not really that large, but what’s striking is how widespread the targets of the botnet are.
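The cross-site comparison described above (source IPs shared between two servers, and hourly attempt counts that spike together) can be reproduced from raw access logs. The following is an added example, not the script this post refers to; it assumes Combined Log Format and that comment submissions are POSTs to WordPress's `/wp-comments-post.php`, and the log lines, IPs and dates are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
COMMENT_PATH = "/wp-comments-post.php"  # assumption: WordPress comment endpoint

def comment_attempts(lines, path=COMMENT_PATH):
    """Return (ip, UTC hour) for each POST to the comment endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(3) != "POST" or m.group(4).split("?")[0] != path:
            continue  # malformed line or not a comment submission
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        # Servers may log in different time zones, so bucket by UTC hour.
        hits.append((m.group(1), when.astimezone(timezone.utc).strftime("%Y-%m-%d %H:00")))
    return hits

def pearson(xs, ys):
    if not xs:
        return 0.0
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var = sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)
    return cov / var ** 0.5 if var else 0.0  # a flat series has no correlation

def compare_sites(log_a, log_b):
    a, b = comment_attempts(log_a), comment_attempts(log_b)
    ips_a, ips_b = {ip for ip, _ in a}, {ip for ip, _ in b}
    hourly_a, hourly_b = Counter(h for _, h in a), Counter(h for _, h in b)
    hours = sorted(set(hourly_a) | set(hourly_b))  # hours with any attempt
    return {
        "shared_ips": ips_a & ips_b,  # sources that hit both servers
        "all_ips": ips_a | ips_b,
        "hourly": {h: (hourly_a[h], hourly_b[h]) for h in hours},
        "correlation": pearson([hourly_a[h] for h in hours], [hourly_b[h] for h in hours]),
    }

def _line(ip, stamp, req="POST /wp-comments-post.php"):
    return f'{ip} - - [{stamp}] "{req} HTTP/1.1" 200 512'

# Constructed sample logs (documentation IP ranges); site B logs in UTC-6.
SITE_A = [_line(ip, f"10/Mar/2008:{t} +0000") for ip, t in [
    ("192.0.2.10", "02:05:00"), ("198.51.100.7", "02:40:00"), ("203.0.113.5", "02:50:00"),
    ("203.0.113.77", "03:15:00"), ("192.0.2.10", "05:10:00")]]
SITE_A.append(_line("203.0.113.9", "10/Mar/2008:03:20:00 +0000", "GET /"))
SITE_B = [_line(ip, f"09/Mar/2008:{t} -0600") for ip, t in [
    ("192.0.2.10", "20:12:00"), ("198.51.100.7", "20:30:00"),
    ("198.51.100.99", "20:45:00"), ("203.0.113.5", "23:20:00")]]
```

Calling `compare_sites(SITE_A, SITE_B)` returns the shared source IPs, the per-hour attempt counts for both sites side by side, and a correlation coefficient; a large shared set together with a coefficient near 1 is the pattern the two graphs show.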

One Response to “Large Botnet Attack”

  1. Comment by Tom Taylor

    I don’t really understand why they bother with spamming places.
    Are people paying for this as some kind of underworld link building scheme or something?
