Ever think you could never be a part of a botnet without knowing about it? There are millions of PCs out there infected. Most of the owners do not know about it, many don’t know enough about it to realize they have a problem and some just don’t care. But it is a serious issue.
I found some interesting activity on my website recently that really highlights how alive and well these botnets really are. I have a Wiki set up that I don’t really publicize since it really is only a collection of notes that I find convenient to have accessible online. A few months ago a spammer found it. Now, I am at fault for not initially disabling open registration which means anyone could sign up for an account and add content. Well, over a few weeks using a botnet the spammer posted about 50,000 spam articles before I noticed they were there.
I’ve since cleaned up the mess and disabled open registration. However, the botnet was still chugging away trying to create new accounts and post articles. Trying to ease the traffic I started blocking IP address ranges from the worst offending networks. This helped a lot but they were still chewing up bandwidth. Finally I just blocked everyone but my own IP address to see how long it would take before they gave up.
They are still trying harder and harder.
So, normal traffic to my site was about 30 visitors a month. As soon as I noticed this jumped I knew exactly what happened. After I cleaned up the mess and blocked most of the offending networks my bandwidth dropped back down but I still can’t see normal visitors through the noise. Finally I gave up and just blocked everyone but my own IP address. If you try to access the Wiki now you will get a “403 Forbidden” error.
I noticed the traffic dropped significantly when people shut down the machines over the long 4th of July holiday weekend. So, your machines are infected but you don’t know or don’t care enough to figure it out and fix it? Hmmm…
What did surprise me was the source of the traffic. Apparently most traffic is coming from Canada followed in second by France. USA is 4th… Why would the Canadian and French machines go down over the 4th weekend? I’m at a loss on that one.
Now, even though the entire site is blocked returning a 403 error, instead of giving up and going away they seem to be trying even harder. After I blocked everyone the hits dropped to about 160k in May. However, in June this jumped to 1.2 million! And now about a third of the way into July it’s already passed that at 1.4 million? Geesh! That’s on track for almost 5 million hits this month.
I may put it back online in a few weeks. However, the 15 byte error page takes up a lot less bandwidth than the actual site pages so we’ll see.