Honeypot for Spammers

Last week I wrote about Chinese spammers and hackers. After the initial shock I decided to install a honeypot for spammers. It worked splendidly.

The definition of a Honeypot

“A server that is configured to detect an intruder by mirroring a real production system. It appears as an ordinary server doing work, but all the data and transactions are phony. Located either in or outside the firewall, the honeypot is used to learn about an intruder’s techniques as well as determine vulnerabilities in the real system.”

How a Honeypot works

Honeypot Schema

The most difficult job is to set up the ADS. This is a piece of software that can distinguish normal from anomalous traffic. The honest visitor of the site should not be delayed or annoyed by security obstacles. On the other hand, the spammer must find an easy target where he can unload his spam.

It was fun to watch the pot through 24 hours of action. I had the ADS programmed to send me an alert when it detected someone leeching on the pot, so I could observe the leecher/spammer in real time.

Most of the spammers and hackers were youngsters or men with no other knowledge than how to run a script. About 80% of them used the same toolkit. I let them leech. While they believed that they had found an easy target, they left valuable information to me. After 24 hours I shut the doors on them with a malicious grin on my face. Kiddies

Unfortunately there were also 2 really serious guys who knew a big bunch of tricks. One came from the United States (ENZUINC Cloud network). This one tried to bring in worms that could go up to root level. I knocked him out promptly and informed his ISP. The ISP is now after him …
The other one came from the Netherlands (Noord-Holland, Amsterdam). He changed his IP address at high speed and used nearly all network blocks of his provider (Ecatel Ltd.). This one, too, I had to lock out immediately. This action could lock out a lot of honest Dutch visitors. These are 0.23% of our visitors. I hope Ecatel Ltd. can find the guy quickly and stop him for good. I would like to re-open the Dutch gate.

The worst are the Chinese and the Ukrainians

98% of all spam attacks came from mainland China and not one from Taiwan. Another 1% of the attacks came from Ukraine. I simply locked out all the address blocks of CHINANET FUJIAN PROVINCE NETWORK and KYIVSTAR GSM UKRAINE. There were almost no honest visitors coming from either network, but they caused server loads of up to 20%.
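The decision described above, between locking out single addresses and locking out a whole network block, can be made from the honeypot's own log. The following is an added example, not the author's ADS or any code from this site: it groups decoy hits by /24 block and only recommends a range block when several distinct addresses in the block hit the decoy (address rotation) and few honest visitors share it. The decoy path, the thresholds and the log entries are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Hypothetical decoy URL: linked nowhere a human visitor would click.
DECOY_PATHS = {"/guestbook-post.php"}
# Constructed sample of (source IP, path); documentation address ranges only.
SAMPLE_LOG = [
    ("192.0.2.10", "/guestbook-post.php"), ("192.0.2.77", "/guestbook-post.php"),
    ("192.0.2.143", "/guestbook-post.php"), ("192.0.2.201", "/index.html"),
    ("198.51.100.5", "/index.html"), ("198.51.100.6", "/about.html"),
    ("198.51.100.9", "/guestbook-post.php"),
    ("203.0.113.20", "/index.html"), ("203.0.113.21", "/index.html"),
]

def summarize(log, prefix_len=24):
    """Per network block: distinct decoy-hitting IPs and distinct honest IPs."""
    stats = defaultdict(lambda: {"trap": set(), "honest": set()})
    for ip, path in log:
        block = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        kind = "trap" if path in DECOY_PATHS else "honest"
        stats[block][kind].add(ip)
    for s in stats.values():
        s["honest"] -= s["trap"]  # an IP that touched the decoy is not honest
    return stats

def decide(log, min_trap_ips=3, max_honest_share=0.25):
    """Return {block: action}. Block a range only when several distinct
    addresses in it hit the decoy and the share of all honest visitors
    that would be locked out stays small; otherwise block single IPs."""
    stats = summarize(log)
    total_honest = sum(len(s["honest"]) for s in stats.values()) or 1
    actions = {}
    for block, s in stats.items():
        if not s["trap"]:
            continue
        share = len(s["honest"]) / total_honest
        if len(s["trap"]) >= min_trap_ips and share <= max_honest_share:
            actions[str(block)] = ("block-range", round(share, 2))
        else:
            actions[str(block)] = ("block-ips", sorted(s["trap"]))
    return actions

if __name__ == "__main__":
    for block, action in decide(SAMPLE_LOG).items():
        print(block, action)
```

The second element of a `block-range` result is the fraction of honest visitors that the range block would lock out, the same kind of figure as the 0.23% quoted for the Dutch block.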

Don’t cry – stop spam!

Cry Chinese Cry

BTW: I am a CISSP
