Here is below an analysis performed in July and August 2015 (when we had time for this).

If you are a webmaster, your probaly noticed that your website is repeadedly attacked by various Viagra sellers, porno promoters  and other “web rats”, trying to use your server as a Spam relay.

We were curious to see where these intrusions attempts come from. So we developped a set of PHP scripts to collect what comes in our log files, and this it what it gives.

Important remark: This is based on Apache logs on our server, and it does not mean that any of the above companies are doing voluntar piracy. They just probably have one or several “web rats” using abusivly one of their computers. Until now, every “abuse” service contacted in these companies replied quickly and politly (except one).

32 Autonomous Systems
ASN Owner name Owner description Country code Number of hacks
7 939
AS24940 Hetzner Online GmbH DE 3 023
AS26496 GoDaddy.com, LLC (GODAD) AS26496 US 1 294
AS15895 Kyivstar GSM Ukrainian mobile phone operator UA 339
AS14618 Amazon Technologies Inc. (AT-88-Z) Amazon EC2 Network Operations US 218
AS3595 GNAXNET-AS – Global Net Access, LLC,US GNAXNET-AS – Global Net Access, LLC,US US 211
AS46661 Illuminated Hosting Service, LLC Illuminated Hosting Service, LLC US 194
AS47814 Stream Networks, DHCP Riga Stream Networks LV 145
AS46606 Unified Layer Unified Layer US 136
AS28573 Net Serviços de Comunicação S.A. Grupo de Seguran�da Informa� V�ua BR 133
AS16276 OVH OVH SAS,FR OVH OVH SAS,FR FR 124
AS197695 Reg.Ru Hosting Reg.Ru Network Operations RU 37
AS25535 RU-NIC NOC RU-NIC is a hosting and technical support organization RU 29
AS34876 SMART SISTEMZ TECHNOLOJI Smart Systems Technology IP range AZ 27
AS48716 PS Internet Company LLC KZ 25
AS6697 HOSTER.BY Reliable Software, Inc. BY 23
AS8167 Brasil Telecom S/A – Filial Distrito Federal Brasil Telecom S. A. – CNBRT BR 10
AS8560 1&1 Internet Inc. 1&1 Internet Inc. US 9
AS9931 CAT TELECOM Data Comm. Dept, IDC Office CAT-AP The Communication Authoity of Thailand, CAT,TH TH 7
AS30902 Neda Network Pars Data IR 6
AS13188 TRIOLAN Evgeniy V Kolesnikov UA 4
AS38365 Baidu Beijing Baidu Netcom Science and Technology Co., Ltd. CN 3
AS20738 Heart Internet Webfusion Internet Solutions,GB GB 2
AS9891 CS LOXINFO PUBLIC COMPANY LIMITED CS LOXINFO PUBLIC COMPANY LIMITED TH 2
AS4323 tw telecom holdings, inc. TWTC – tw telecom holdings, inc.,US US 2
AS44050 ToussaintDesaulniers-net ToussaintDesaulniers-net RU 2
AS38283 CHINANET Sichuan province network CHINANET Sichuan province network CN 2
AS47583 HOSTINGER US HOSTINGER US US 1
AS29169 GANDI Gandi FR 1
AS13489 EPM Telecomunicaciones S.A. E.S.P. EPM Telecomunicaciones S.A. E.S.P. CO 1
AS47544 ECENTER SP. Z O.O. ECENTER SP. Z O.O. PL 1
AS30633 Leaseweb USA, Inc. (LU) Leaseweb USA, Inc. (LU) US 1
Total number of hacks 13 951

Then if we compute a total by country, surprisingly a majority of hacks are coming from USA, Deutschland and France:

29 countries
Country name Country code Number of hacks
8 267
United States US 3 106
Deutschland DE 3 023
France FR 474
Ukraine UA 343
Latvia LV 145
Brazil BR 143
United Kingdom GB 139
Russian Federation RU 126
Netherlands NL 87
Czech Republic CZ 81
South Africa ZA 79
Hungary HU 76
Canada CA 52
Italy IT 47
Thailand TH 38
Kazakhstan KZ 35
Belarus BY 31
Azerbaijan AZ 27
Sweden SE 23
Japan JP 13
Australia AU 10
Iran IR 8
China CN 6
Bulgaria BG 3
Spain ES 2
Poland PL 2
Hong Kong HK 1
Colombia CO 1
Total number of hacks 16 388
Print Friendly, PDF & Email
    • Hi,
      I did not find time to investigate some more. Using “WordPress” to build my web sites, with security plugins like “Ithemes Security” seems to protects quite well. It’s important to keep all that software up to date (I ckeck once a week) and of course make backups every day.
      It miss a world cyber police, I think…

      I took a look at your website bout Bible, interesting..

      Regards,
      JFR

Leave a Reply

You have to agree to the comment policy.

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.