Bots - where are they coming from?

Human versus bots and botnets

Geolocation of machines (not of attacks) that have intended a bad action against a website.
The above illustration is refreshed every hour, based on data collected from a real live website having around 10 000 visitors per day. Data is kept for a duration depending on the importance of action. For instance, if a script kiddie is trying to download all your webpages using an automated tool, IP will be kept for only a few hours/days. If a botnet is doing a ddos, IPs will be remembered for a few days. The duration can be up to 1 year for intrusion detection or recurrent access from a server. The values exclude friendly bots that respect the robots.txt file.
Identified machines include the following: A machine identified in a country does not mean that an attack is coming from this country, the attack can be initiated by another country. This is especially true for attacks using botnets (multiple machines).