Skip To Navigation

Spam So Far

The usual story: I was bored. So I checked my logs, to see if anything interesting was happening. First thing I noticed was that the botnet that started attacking over Christmas had stopped a couple of weeks ago.

Still, I took the latest log file and wrote a quick script to throw it at a GeoIP database, and got: 86% USA, 6% Canada, 2% for each of UK/France/Netherlands/Spain, and 5% between 18 other countries. Total sample: 4209 hits.

I /could/ conclude that the countries with most bot infections have the most online idiots, though that's probably not fair. It's more likely that the operators of this particular botnet are American, and that the trojan spreads via email or IM. If the messages and/or websites it uses are English, that would partly explain the top 3 being USA/Canada/UK.

So then I took a week's worth of my spam log, most of which is open proxies. During this time I didn't get any legitimate comments, but I got 125 spam attempts. One got through. 42 were from Korea, 22 the USA, 6 Japan, 4 China. 34 different countries in all, from Algeria to (New) Zealand.

Open proxies are spread wider than the botnet above, and by their very nature, anyone can (ab)use them with little effort. The stats above seem to indicate that most Western countries have this bit of security sorted, something (language gap?) is keeping Koreans from fixing their servers.

And the final, annoyingly minor, annoyance: every one of the botnet hits used the standard IE6 user-agent string. So my stats for last month read 80%, which I know simply isn't true. For one, I'd be willing to bet that I personally make up about 20% of this site's hits. :|

My current spam code is flimsy, but for the most part it works. That's the problem with most of my code at the moment - it's ugly, spaghettified, and inefficent, but for the most part, it does the job. When it does go wrong, it's always less effort to hack a fix onto it than correct the real problem. Could be my fault for using PHP, but we'll save that one for another day...

⇐01 Mar 2006 - ChatZilla Nits / 27 Feb 2006 - -⇒

Feedback

Feedback is closed. Feel free to contact me privately.

tH