European Experts Exchange (EEE.org) :: Free Experts PHP MySql Oracle Microsoft Web SQL Delphi


Web :: General :: Hacktrend index of countries (hackability)
By: VGR	Date: 23/12/2009 19:42:23	Points: 0	Status: Answered Quality : Excellent
Looking at the error logs of my webserver, I noticed some countries are more prone than others to be the source of the attacks ; also, some are more prone than others to be compromised servers (especially in RFI probes). So, defining P as the population of attacks being examined, C is the set of countries represented in P and x being a country in C, I define Orig(x) as the number of occurences of x in the origins of the attacks in P, and Compro(x) as the number of occurences of x in the set of compromised machines in P I just defined the Hacktrend index as being Orig(x)*Compro(x) This index measures how a country's servers are prone to be penetrated and abused, as well as how many machines of that country are abused or hacked (or used by hackers). A low index is best. The bigger the index, the less sysadmins of that country are able to resist to abuse, penetration and illegal activities. On today on my webserver, this resolves to : P : - population of attacks and probes - FTP hack attempt = 3 HTTP relay attempt = 1 direct hack = 2 RFI probe = 44 Orig(x) : - infected machines or hackers - US 13 KR 5 RU 3 DE 4 CN 3 FR 2 HU 2 IT 2 TH 2 UK 1 global 1 (UK,US) others 12 (BR, AU, ID, EE, PT, CO, CR, UK, SE, CY) Compro(x) : - compromised machines - IT 12 US 11 KR 10 TH 4 ES 3 RU 2 SA 2 AU 1 CN 1 FR 1 NL 1 SU 1 TW 1 VN 1 And hence this the table of Hacktrend(x) : US 143 KR 50 IT 24 TH 8 RU 6 CN 3 FR 2 AU 1 Russia is not as badly placed as the rumor said ; KR, US and - surprisingly - IT are a lot worse... Asia-Pacific is leading for the worse, as induced by any sysop from everyday work. I will regularly post evolutions of this new index. HTH
By: VGR	Date: 24/12/2009 12:00:24		Type : Comment
OK, I designed a DB to keep track of daily reports. The Hacktrend © index is so far, on two days : +---------+-----------+ \| country \| hacktrend \| +---------+-----------+ \| US \| 244 \| \| KR \| 95 \| \| IT \| 28 \| \| RU \| 10 \| \| TH \| 10 \| \| DE \| 8 \| \| CN \| 7 \| \| ES \| 4 \| \| SA \| 3 \| \| ID \| 3 \| \| FR \| 3 \| \| AU \| 2 \| \| TW \| 2 \| \| CA \| 2 \| \| CR \| 2 \| \| HU \| 2 \| \| CY \| 2 \| \| UK \| 2 \| \| IS \| 1 \| \| EE \| 1 \| \| CO \| 1 \| \| PT \| 1 \| \| CL \| 1 \| \| SE \| 1 \| \| DK \| 1 \| \| UA \| 1 \| \| NL \| 1 \| \| JP \| 1 \| \| SU \| 1 \| \| BR \| 1 \| \| VN \| 1 \| +---------+-----------+ It'll be updated everyday and the results available on a dynamic page ASAP, time permitting. I just decided that an average display is probably more honest to show trends, so let it be : +---------+-----------+ \| country \| hacktrend \| +---------+-----------+ \| US \| 122.0000 \| \| KR \| 47.5000 \| \| IT \| 14.0000 \| \| RU \| 5.0000 \| \| TH \| 5.0000 \| \| DE \| 4.0000 \| \| CN \| 3.5000 \| \| CA \| 2.0000 \| \| HU \| 2.0000 \| \| ES \| 2.0000 \| \| ID \| 1.5000 \| \| FR \| 1.5000 \| \| SA \| 1.5000 \| \| UK \| 1.0000 \| \| SE \| 1.0000 \| \| CO \| 1.0000 \| \| BR \| 1.0000 \| \| CY \| 1.0000 \| \| AU \| 1.0000 \| \| NL \| 1.0000 \| \| CL \| 1.0000 \| \| SU \| 1.0000 \| \| DK \| 1.0000 \| \| IS \| 1.0000 \| \| VN \| 1.0000 \| \| UA \| 1.0000 \| \| EE \| 1.0000 \| \| JP \| 1.0000 \| \| PT \| 1.0000 \| \| CR \| 1.0000 \| \| TW \| 1.0000 \| +---------+-----------+

By: VGR	Date: 24/12/2009 12:05:00		Type : Comment
From an European point of view, in the major Internet countries (DE being the most prominent, but UK and FR also are players), the problems in FR come only from OVH (a hosting company which refuses to adhere to RFC on abuse email addresses, and doesn't play their role in fighting cybercrime and other illegal activities on their systems. It's never their fault...), the problems in DE come usually from 1and1.com (not a surprise...) and IT seems to be a cas à part as a lot of hosts seem infected and nobody cares (some clichés about the laziness of Italians come into my mind ;-)

By: VGR	Date: 26/12/2009 20:15:08		Type : Comment
here's the index after 4 days... +---------+-----------+ \| country \| hacktrend \| +---------+-----------+ \| US \| 184.0000 \| \| KR \| 79.6667 \| \| IT \| 10.0000 \| \| CN \| 9.0000 \| \| DE \| 6.6667 \| \| TH \| 6.3333 \| \| HU \| 6.0000 \| \| PE \| 5.0000 \| \| RU \| 4.6667 \| \| JP \| 2.5000 \| \| ES \| 1.6667 \| \| FR \| 1.6667 \| \| TW \| 1.6667 \| \| CA \| 1.5000 \| \| CO \| 1.5000 \| \| SA \| 1.5000 \| \| SE \| 1.5000 \| \| ID \| 1.3333 \| \| UK \| 1.3333 \| \| AU \| 1.0000 \| \| BR \| 1.0000 \| \| CL \| 1.0000 \| \| CR \| 1.0000 \| \| CY \| 1.0000 \| \| CZ \| 1.0000 \| \| DK \| 1.0000 \| \| EE \| 1.0000 \| \| IN \| 1.0000 \| \| IS \| 1.0000 \| \| MX \| 1.0000 \| \| NL \| 1.0000 \| \| NO \| 1.0000 \| \| PA \| 1.0000 \| \| PT \| 1.0000 \| \| RO \| 1.0000 \| \| SU \| 1.0000 \| \| UA \| 1.0000 \| \| VN \| 1.0000 \| +---------+-----------+

By: VGR	Date: 28/12/2009 09:44:57		Type : Comment
and after 5 days... +---------+-----------+ \| country \| hacktrend \| +---------+-----------+ \| US \| 127.2000 \| \| KR \| 78.6000 \| \| IT \| 7.0000 \| \| CN \| 5.8000 \| \| DE \| 4.4000 \| \| HU \| 4.3333 \| \| TH \| 4.2000 \| \| RU \| 3.8000 \| \| PE \| 3.5000 \| \| JP \| 2.0000 \| \| ES \| 1.7500 \| \| FR \| 1.7500 \| \| TW \| 1.5000 \| \| UK \| 1.5000 \| \| SA \| 1.3333 \| \| SE \| 1.3333 \| \| BR \| 1.2500 \| \| CA \| 1.2500 \| \| CO \| 1.2500 \| \| ID \| 1.2500 \| \| AU \| 1.0000 \| \| CL \| 1.0000 \| \| CR \| 1.0000 \| \| CY \| 1.0000 \| \| CZ \| 1.0000 \| \| DK \| 1.0000 \| \| EE \| 1.0000 \| \| IN \| 1.0000 \| \| IS \| 1.0000 \| \| MX \| 1.0000 \| \| NL \| 1.0000 \| \| NO \| 1.0000 \| \| PA \| 1.0000 \| \| PL \| 1.0000 \| \| PT \| 1.0000 \| \| RO \| 1.0000 \| \| SG \| 1.0000 \| \| SU \| 1.0000 \| \| UA \| 1.0000 \| \| VN \| 1.0000 \| +---------+-----------+ I will do a plot ASAP

By: VGR	Date: 28/12/2009 09:59:00		Type : Comment
the most problematic domain is lifezi.com (KR) which refuses to adhere to the RFC about email addresses (no abuse, no postmaster ! ) and seems infected to the bones. Thus it stays infected since some days now, while other domains have solved their problems (mwzaf.com, tropww.com, isfreeweb.com, anginbali.com, columbuskumc.org...) The US and BR lead for direct hack attempts rather than RFIs. Compromised targets are mainly in Asia-Pacific (KR, TH, CN). Abused machines in KR have the good taste trying to use KR compromised targets ;-) (lifezi.com, anykill.com, dwno.co.kr) Abused machines in the US are mainly hosting companies like uslec.net, he.net, theplanet.com, justhost.com, myhostcenter.com, gimpindistries.net and especially fileave.com In FR, OVH seems to have done some work, at last...

By: VGR	Date: 29/12/2009 18:46:00		Type : Comment
and now, keeping only the countries above a Hacktrend index of 1.0 : +---------+-----------+ \| country \| hacktrend \| +---------+-----------+ \| US \| 109.0000 \| \| KR \| 85.0000 \| \| IT \| 6.0000 \| \| CN \| 5.0000 \| \| DE \| 4.4000 \| \| TH \| 4.2000 \| \| HU \| 3.5000 \| \| RU \| 3.3333 \| \| PE \| 3.0000 \| \| AR \| 2.0000 \| \| JP \| 2.0000 \| \| ES \| 1.8000 \| \| FR \| 1.8000 \| \| TW \| 1.5000 \| \| CO \| 1.4000 \| \| UK \| 1.4000 \| \| SA \| 1.3333 \| \| SE \| 1.3333 \| \| BR \| 1.2000 \| \| CA \| 1.2000 \| \| ID \| 1.2000 \| If it were not for OVH, FR would be at zero hackability/abuseness ;-) I like especially the hacked domain "securesites.net" of NTT America ;-))

By: VGR	Date: 31/12/2009 16:17:29		Type : Comment
after nine days, the (daily mean of) Hacktrend() index is at : +---------+-----------+ \| country \| hacktrend \| +---------+-----------+ \| US \| 93.2500 \| \| KR \| 75.8750 \| \| IT \| 5.1250 \| \| CN \| 4.5714 \| \| TH \| 4.2000 \| \| DE \| 3.5714 \| \| RU \| 3.1250 \| \| HU \| 3.0000 \| \| PE \| 2.2000 \| \| AR \| 2.0000 \| \| ES \| 2.0000 \| \| FR \| 2.0000 \| \| UY \| 2.0000 \| \| JP \| 1.7500 \| \| UK \| 1.5000 \| \| TW \| 1.4000 \| \| SA \| 1.3333 \| \| SE \| 1.3333 \| \| CO \| 1.2857 \| \| CA \| 1.1667 \| \| ID \| 1.1667 \| \| BR \| 1.1429 \|

By: VGR	Date: 02/01/2010 12:08:15		Type : Comment
and the results after eleven days are... +---------+-----------+ \| country \| hacktrend \| +---------+-----------+ \| US \| 74.0000 \| \| KR \| 63.5455 \| \| TH \| 4.2000 \| \| IT \| 4.0909 \| \| CN \| 3.7778 \| \| HU \| 3.0000 \| \| RU \| 3.0000 \| \| DE \| 2.8000 \| \| ES \| 2.6000 \| \| AM \| 2.0000 \| \| UY \| 2.0000 \| \| PE \| 1.7500 \| \| FR \| 1.7000 \| \| JP \| 1.6000 \| \| BE \| 1.5000 \| \| BR \| 1.5000 \| \| UK \| 1.4286 \| \| AR \| 1.3333 \| \| CL \| 1.3333 \| \| SA \| 1.3333 \| \| SE \| 1.3333 \| \| TW \| 1.3333 \| \| CA \| 1.2500 \| \| CO \| 1.2222 \| \| ID \| 1.1250 \| I'm thinkering on the graphical plot.

By: VGR	Date: 04/01/2010 18:34:06		Type : Comment
current mean values after 13 days : +---------+-----------+ \| country \| hacktrend \| +---------+-----------+ \| US \| 71.2308 \| \| KR \| 57.9231 \| \| IT \| 3.6923 \| \| RU \| 3.3846 \| \| CN \| 3.3636 \| \| TH \| 3.2857 \| \| HU \| 3.0000 \| \| DE \| 2.6364 \| \| ES \| 2.5833 \| \| AM \| 2.0000 \| \| UY \| 2.0000 \| \| BR \| 1.9167 \| \| PE \| 1.7500 \| \| FR \| 1.6667 \| \| JP \| 1.6000 \| \| BY \| 1.5000 \| \| CA \| 1.4000 \| \| ID \| 1.4000 \| \| UK \| 1.3750 \| \| BE \| 1.3333 \| \| CL \| 1.3333 \| \| SA \| 1.3333 \| \| SE \| 1.3333 \| \| TW \| 1.2857 \| \| AR \| 1.2000 \| \| CO \| 1.2000 \| total Internet payload on 13 days : +---------+-----------+ \| country \| hacktrend \| +---------+-----------+ \| US \| 926 \| \| KR \| 753 \| \| IT \| 48 \| \| RU \| 44 \| \| CN \| 37 \| \| ES \| 31 \| \| DE \| 29 \| \| BR \| 23 \| \| TH \| 23 \| \| FR \| 20 \| \| HU \| 15 \| \| CA \| 14 \| \| ID \| 14 \| \| PE \| 14 \| \| CO \| 12 \| \| UK \| 11 \| \| SG \| 9 \| \| TW \| 9 \| \| JP \| 8 \| \| NL \| 7 \| \| AR \| 6 \| \| AU \| 6 \| \| CR \| 5 \| \| PL \| 5 \| \| VN \| 5 \| \| AM \| 4 \| \| BE \| 4 \| \| CL \| 4 \| \| CZ \| 4 \| \| RO \| 4 \| \| SA \| 4 \| \| SE \| 4 \| \| UA \| 4 \| \| UY \| 4 \| \| BG \| 3 \| \| BY \| 3 \| \| CY \| 3 \| \| DK \| 2 \| \| HK \| 2 \| \| IR \| 2 \| \| PA \| 2 \| \| PT \| 2 \| \| TR \| 2 \| \| CC \| 1 \| \| CH \| 1 \| \| EE \| 1 \| \| EG \| 1 \| \| IC \| 1 \| \| IL \| 1 \| \| IN \| 1 \| \| IS \| 1 \| \| MC \| 1 \| \| MN \| 1 \| \| MX \| 1 \| \| NO \| 1 \| \| SI \| 1 \| \| SU \| 1 \| +---------+-----------+

By: VGR	Date: 13/01/2010 13:55:20		Type : Comment
and after 22 days... the results are : +---------+-----------+ \| country \| hacktrend \| +---------+-----------+ \| US \| 53.1364 \| \| KR \| 47.1818 \| \| RU \| 3.2273 \| \| IT \| 3.1905 \| \| CN \| 3.0000 \| \| ES \| 2.8000 \| \| TH \| 2.7778 \| \| DE \| 2.3684 \| \| HU \| 2.2500 \| \| BR \| 2.1000 \| \| AM \| 2.0000 \| \| NR \| 2.0000 \| \| PK \| 2.0000 \| \| TW \| 1.9286 \| \| BY \| 1.8333 \| \| PE \| 1.6429 \| \| FR \| 1.5556 \| \| CA \| 1.5294 \| \| UA \| 1.5000 \| \| UY \| 1.5000 \| \| UK \| 1.4706 \| \| VN \| 1.4444 \| \| NL \| 1.4286 \| \| JP \| 1.3750 \| \| CO \| 1.3333 \| \| SA \| 1.3333 \| \| SE \| 1.3333 \| \| ID \| 1.2857 \| \| BE \| 1.2500 \| \| CL \| 1.2500 \| \| AR \| 1.2000 \| \| BG \| 1.1667 \| \| CZ \| 1.1667 \| \| AU \| 1.0769 \| The main difference between US and KR is that KR machines are more easily compromised (defective upload mechanisms, unsecure software) and US machines are more easily abused (hacked, zombie, worm, whatever makes them the originator IP address of the RFI attack)

Do register to be able to answer

Add This Article To:
Del.icio.us	Digg	Google	Spurl
Blink	Wong	Simpy	Y! MyWeb

Contact

page generated in 68.555120 milliseconds

Why Google AdSense ads ?

New Improved Search!