Questions tagged [botnet]

A botnet is a collection of computers that are under the control of a person or group, usually facilitated by malware. These computers are often used to take part in DDoS attacks and spamming.

162 questions
85 votes, 10 answers

How and why is my site being abused?

I own a popular website that allows people to enter a phone number and get information back about that phone number, such as the name of the phone carrier. It's a free service, but it costs us money for each query so we show ads on the site to help…
Marc
82 votes, 5 answers

Email Account under attack (really) - anything I can do?

Over the last week, there is a constant barrage of authentication failures to my email account from a variety of IP addresses - usually in blocks of exactly 575 attempts. My password is as strong as a password can be so the chance of brute force…
clemdia
48 votes, 5 answers

I managed to capture a botnet control host, what do I do with it?

A few days ago one of my webhosting customers had their FTP login compromised, and the attacker modified his index.php file to include some extra code, and roughly twelve thousand other bots have been trying to access it via a POST operation…
Shadur
30 votes, 10 answers

Received email from ISP saying one of my devices has malware

My dad received a suspicious email from our ISP (mtnl.net.in). The email was from noreply@mtnl.net.in and it had our user ID (I masked it as xxxxxxxx@a) in the email so it must have come from the ISP itself. Email details below: Subject: "Intimation…
Nigel Fds
27 votes, 2 answers

How is Google abused for DDoS attacks?

While analysing a DDoS attack on my site using the CloudFlare console, I've noticed that many attack requests come from AS139190 GOOGLE-AS-AP Google Asia Pacific Pte. Ltd. with an empty user agent. I'm wondering how Google is exploited to attack my site?
blnks
25 votes, 5 answers

How is IRC so secure/untraceable that hackers and pirates use it to communicate?

What is so special about IRC that hackers use it to do online meetings, ignoring every other option, like messengers or social media? It seems to be so secure that it gets used to send commands to victims' computers instead of just sending them…
Ulkoma
23 votes, 10 answers

How do I know if my computer is being used for a botnet-based DDoS attack?

A botnet is a collection of compromised computers, each of which is known as a 'bot', connected to the Internet. When a computer is compromised by an attacker, there is often code within the malware that commands it to become part of a…
Diogo
21 votes, 4 answers

What are spambots doing with unintelligible login attempts?

After constantly being under attack in phpBB, I created a new forum by hand, which successfully prevents spam bots from registering, and I get a report for every failed login attempt, telling me the info they tried, their IP address, whether they're…
Alex
19 votes, 2 answers

How secure is Stack Exchange's reputation?

I recently read an article about researchers being able to penetrate the Facebook network and make lots of friends with about 100 "Social" bots. What would prevent somebody from doing the same on Stack Exchange sites, so as to increase his reputation?…
user1202136
15 votes, 1 answer

Should a server be considered compromised simply because a port was open?

Earlier today I received a notification of a security incident at Mandrill. At first I was concerned, but then after I dove into the details I became confused as to why they considered this noteworthy at all. To summarize, it appears that Mandrill…
Michael Hampton
15 votes, 6 answers

Why do botnets use IRC but not a web service for communication?

IRC still seems to be the most prominent way for communication within botnets. Why do attackers choose IRC? In my (very naive) opinion, setting up a web service is far easier.
user1221
15 votes, 3 answers

Are HTTP brute-force password-guessing attacks common nowadays?

Are brute-force attacks against online accounts (gmail, facebook, instagram) something that really happens? I don't mean something like cracking password hashes or DDoS, but real brute-force attacks (e.g., password guessing) using a botnet or…
Martin
14 votes, 4 answers

Looking for botnet IP address feeds to protect against DDoS

I would like to get a live feed of botnet IP addresses delivered from a service and block them under certain conditions. Preferably community based/open source but open to looking at worthy commercial ones too. So far I have come across dshield…
shavian
12 votes, 1 answer

Can/do botnets brute force "high value" users of services like Gmail?

On an intranet a login is generally disabled after a very small number of failed logins. But a public email service like Gmail can't do the same, otherwise pranksters would just be continuously locking people out. Unlike brute forcing a password…
George Hawkins
11 votes, 4 answers

Can I protect my router from a Mirai Worm and how do I know if I'm vulnerable?

Today this article was published by the BBC: Talk Talk and Post Office routers hit by cyber-attack. It states: It involves the use of a modified form of the Mirai worm - a type of malware that is spread via hijacked computers, which causes damage…
User1