1 hour ago · Life · hide · 0 comments

The scraping problem is worse than anyone can imagine and thanks to my friends at Sourceware we have some real data to prove it. I've been working more on Anubis' reputation database and I've run into a really weird discovery: 80-90% of the hits created by the honeypot feature are from IP addresses that do not belong to any existing threat monitoring lists. Here's a breakdown of the honeypot hits Sourceware has gotten in the last few months: Assessment of ./data/manually-submitted/sourceware/202607141625.txt against ./var/reputationdb.mmdb In case this interests you, I have put the full tables in Appendix A: Full tables for the reputation database input. FieldValuelines read2678193skipped (non-IP):0skipped (dupe):0unique IPs:2678193flagged (in db):286161 (10.7%)clean (not in):2392032 (89.3%) Flags (of flagged addresses) FlagUnique IPsShareis_vpn12640.4%is_datacenter79182.8%is_crawler460.0%is_proxy25620.9% Categories (6 distinct, of flagged addresses) CategoryUnique…

No comments yet. Log in to reply on the Fediverse. Comments will appear here.