|

Sources of Cyber Attacks for Our Site in 2023

Updated: January 5, 2024

(in no particular order)

NameASNType of Attack
CogentAS174All Kind of Attacks
EonixASN62904SEO Bots and Spam
23 Shells / Server ManiaAS55081SEO Bots and Spam
Shenzhen TencentAS45090All Kind of Attacks
Datacamp / IPXOAS212238All Kind of Attacks
Sprious / Blazing SEOAS397630SEO Bots and Spam
Sprious / Blazing SEOAS64267SEO Bots and Spam
Digital OceanAS14061All Kind of Attacks
KamateraAS36007All Kind of Attacks
HostRoyalAS207990All Kind of Attacks
HostRoyalAS203020All Kind of Attacks
Panq B.V. / Latitude.sh (?)AS396356All Kind of Attacks
Powerhouse Management / UnusAS22363All Kind of Attacks
Paradise Networks / UnusAS40861General Hacking, SQL Attacks
LeasewebAS396190Bots, Spam, Brute Force
LeasewebAS7203Bots, Spam, Brute Force
LeasewebAS30633Bots, Spam, Brute Force
LeasewebAS27411Bots, Spam, Brute Force
LeasewebAS19148Bots, Spam, Brute Force
LeasewebAS393886Bots, Spam, Brute Force
LeasewebAS395954Bots, Spam, Brute Force
ColoCrossingAS36352Bots, Spam, Brute Force
The Constant Company / Vultr HoldingsAS20473General Hacking, SQL Attacks
IPXOAS206092All Kind of Attacks
IPXOAS834All Kind of Attacks
GSL Networks / globalsecurelayer.comAS137409Bots, Spam, Brute Force
Alibaba CloudAS45102All Kind of Attacks
OVH AS16276All Kind of Attacks
Orion Network / FIBERGRIDAS41564Bots, Spam, Brute Force
FibergridAS37518All Kind of Attacks
Amazon / AWSAS16509All Kind of Attacks
LinenetAS394711All Kind of Attacks
Akamai Connected Cloud / LinodeAS63949All Kind of Attacks
HetznerAS24940All Kind of Attacks
  • Over 40% of attacks came from Singapore IPs, including AWS ones. I’m seriously thinking to completely Block Singapore as Country. A large amount came from China, France, Germany, Netherland and Finland IPs.
  • Most spam came from Canada IPs and Networks.
  • A LOT of attacks came from Microsoft Azure and Amazon AWS. Both of them, downplayed our Abuse Reports.
  • Amazon AWS hosts most of SEO Bots and other Scrapers and data stealing bots. Impossible to block all that crap from AWS. That is why they choose AWS, because webmasters are not willing to completely block AWS IP ranges.
  • Google has also a place in Attacks, from their cloud services, “googleusercontent.com”. I wish they used their so-called “AI” to somehow minimize the attacks from THEIR “customers”. But we are lucky, we can easily block them by their Hostname, using one rule.
  • I’m sorry to see what Linode has become, after the Akamai merge. A source of attacks, spam and other illegal activities. We can also block them (partially) using their Hostname “linodeusercontent.com”.
  • A LOT of obscure networks involved in attacks seems to be legaly (?) registered in Netherlands.
  • Contrary to popular belief, we got only a few attacks from Russia and Ukraine.