Bots - where are they coming from?
Human versus bots and botnetsGeolocation of machines (not of attacks) that have intended a bad action against a website. The above illustration is refreshed every hour, based on data collected from a real live website having around 10 000 visitors per day. Data is kept for a duration depending on the importance of action. For instance, if a script kiddie is trying to download all your webpages using an automated tool, IP will be kept for only a few hours/days. If a botnet is doing a ddos, IPs will be remembered for a few days. The duration can be up to 1 year for intrusion detection or recurrent access from a server. The values exclude friendly bots that respect the robots.txt file.
Identified machines include the following:
- Useless search engine bots
- Useless bots that harvest for brand detection or SEO
- Email harvesters
- Spie detection (bots that want to identify site structure and vulnerabilities)
- Comment spam bots
- Hacking tool usage
- Machine identified as a botnet member during a DDOS
- Machine used for many login attempts to identify passwords through brute force
- Machine used for intrusion attempt