Those Stealthy Botnets
a year ago
- #EmailSecurity
- #Botnets
- #Cybersecurity
- Botnets persistently attack email servers for spam, often failing but remaining a nuisance.
- A shady market exists in which app developers are paid to bundle "peer-to-peer proxy" libraries into their apps, turning users' devices into botnet nodes without their knowledge.
- These botnets spread their activity across thousands of IPs, each making a single attempt per day, so per-IP rate thresholds such as fail2ban's never trip.
- The author blocks these IPs manually, collecting around 50k blocked addresses, mostly IPv4.
- Attempts to block entire ASNs (Autonomous System Numbers) proved ineffective due to the wide distribution of attacking IPs.
- A daily cronjob scans the logs for attackers and emails the author the commands needed to block any new IPs; the daily batch size also gives a rough picture of when attack waves come and go.
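The two detection problems the summary raises (fail2ban's short window missing one-attempt-per-IP botnets, and a daily job that turns the log into block commands for only the IPs not yet blocked) fit in one small script. The following is an added example, not the author's cronjob: the log lines are constructed Postfix/SASL-style samples with documentation-range addresses, the year, the one-hour/five-attempt fail2ban-like setting and the multi-day "slow" setting are assumed, and the `ipset` set name `mail_blocklist` is a placeholder.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set

# Constructed sample log (documentation IP ranges, not real traffic). The
# assumed format follows Postfix smtpd SASL failure warnings.
SAMPLE_LOG = """\
Mar 01 02:11:43 mx postfix/smtpd[1001]: warning: unknown[198.51.100.10]: SASL LOGIN authentication failed: authentication failure
Mar 01 02:11:50 mx postfix/smtpd[1002]: warning: unknown[198.51.100.10]: SASL LOGIN authentication failed: authentication failure
Mar 01 02:12:01 mx postfix/smtpd[1003]: warning: unknown[198.51.100.10]: SASL LOGIN authentication failed: authentication failure
Mar 01 02:12:09 mx postfix/smtpd[1004]: warning: unknown[198.51.100.10]: SASL LOGIN authentication failed: authentication failure
Mar 01 02:12:20 mx postfix/smtpd[1005]: warning: unknown[198.51.100.10]: SASL LOGIN authentication failed: authentication failure
Mar 01 03:40:12 mx postfix/smtpd[1010]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Mar 02 03:41:02 mx postfix/smtpd[1110]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Mar 03 03:39:55 mx postfix/smtpd[1210]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Mar 02 11:00:00 mx postfix/smtpd[1120]: warning: unknown[203.0.113.77]: SASL LOGIN authentication failed: authentication failure
Mar 02 11:00:05 mx postfix/smtpd[1121]: connect from mail.example.net[192.0.2.9]
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \w+ authentication failed"
)


def parse_failures(text: str, year: int = 2024) -> Dict[str, List[datetime]]:
    """Map each IP to its sorted list of failed-auth timestamps.

    Syslog lines carry no year, so one is assumed for the whole file."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # successful logins, connects, etc. are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        failures[m["ip"]].append(ts)
    return {ip: sorted(times) for ip, times in failures.items()}


def offenders(failures: Dict[str, List[datetime]],
              window: timedelta, maxretry: int) -> List[str]:
    """IPs with at least `maxretry` failures inside any sliding `window`.

    With window=1h/maxretry=5 this behaves like a fail2ban jail and misses the
    one-attempt-per-day botnet; with window=3d/maxretry=3 it catches it."""
    hits = []
    for ip, times in failures.items():
        j = 0
        for i, start in enumerate(times):
            # advance j past every event still inside [start, start + window]
            while j < len(times) and times[j] - start <= window:
                j += 1
            if j - i >= maxretry:
                hits.append(ip)
                break
    return hits


def failures_per_day(failures: Dict[str, List[datetime]]) -> Dict[str, int]:
    """Distinct failing IPs per calendar day: the 'attack wave' view."""
    per_day: Dict[str, Set[str]] = defaultdict(set)
    for ip, times in failures.items():
        for t in times:
            per_day[t.strftime("%Y-%m-%d")].add(ip)
    return {day: len(ips) for day, ips in sorted(per_day.items())}


def block_commands(ips: Iterable[str], already_blocked: Set[str] = frozenset(),
                   setname: str = "mail_blocklist") -> List[str]:
    """One `ipset add` per IP not yet in the blocklist (set name is a placeholder)."""
    return [f"ipset add {setname} {ip}" for ip in ips if ip not in already_blocked]


if __name__ == "__main__":
    fails = parse_failures(SAMPLE_LOG)
    print("fail2ban-like (1h, 5 tries):", offenders(fails, timedelta(hours=1), 5))
    print("slow scan (3d, 3 tries):    ", offenders(fails, timedelta(days=3), 3))
    print("distinct attackers per day: ", failures_per_day(fails))
    for cmd in block_commands(offenders(fails, timedelta(days=3), 3),
                              already_blocked={"198.51.100.10"}):
        print(cmd)
```

The long window is the whole point: keeping a few days of history per IP and looking for repeat offenders across that span is what surfaces a node that deliberately stays under any per-hour threshold. The commands are only emitted, not executed, which matches the mail-me-the-commands workflow and keeps a parsing mistake from silently blocking legitimate senders.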