23 Jul 08

Interesting Site Part 2

In total, the site I mentioned yesterday had over 450,000 proxies tucked away in text files. I thought a long time about adding that stuff to the database, but on closer inspection it looked like mostly junk.

I know. I’ve said it a hundred times. The database has mostly junk in it already. I just can’t see tripling the size of it with this particular junk. There are far too many oddball ports for my taste. And there are IPs with 4 or more different ports listed. No, it just doesn’t look right.

I had an idea to just run through it and find any and all open ports in that list and to Hell with the rest, so I cooked up some quick bash kiddie scripts and ran with it… for about five minutes. It simply ran too fast. That kind of activity throws up red flags, so I shut it down and backed off. But still… it’s tempting. If the numbers I’ve run across are any indication, there could be anywhere from 300 to 600 live proxies in all that mess. I may chop it down into smaller files and give it another whack sometime. A slow, leisurely, measured whack. Or rather, whacks. Spread out over a few months. Sounds like a weekend project.

The other interesting thing about that site was 14 million email addresses stuffed into .RAR archives (I didn’t count them but the filenames themselves indicated the total numbers).

OK, so we have:

- An “abandoned” Web site with…
- 14 million email addresses, and…
- nearly half a million proxy addresses

Hmmm… ya think maybe there was some spamming going on here?

Those half a million proxies could have been a rented bot army, which would account for the oddball port numbers. The bot theory is good because I randomly tested a handful and found live hosts with closed ports. And the ones I tested all had ISP-type DNS names.

You certainly can find some peculiar things on the Intertubes!
