In this case, a client IP at a very large software company is infected and has attempted to issue tens of thousands of login POST requests through our proxies to Megaupload servers (and others such as Rapidshare, Hotfiles, and Yahoo webmail) using the "Googlebot" user-agent. Note: URL parameter values have been stripped from the URLs in our database.

This particular client IP is not listed in any IP blacklists (checked using rbls.org). Very often, IP blacklists list client IP addresses as seen from the server's perspective; in this case, that would have been our proxy IP if we had let these transactions through. Our database provides a somewhat different perspective from many of these existing blacklists, in that we list abusive clients that are using proxies.

The goal of this free service is to provide those interested (ISPs, companies/organizations, security professionals, etc.) with this data to identify and clean up clients that are participating in this form of abuse. Clients leverage proxies to distribute and/or mask their origin when conducting forms of abuse, such as:
- Brute-force web-based logins
- Search Engine Optimization (SEO)
- Forum spamming
- Pay-per-action cheating
- Open proxy scanning
- Bulk account registration
- Site popularity / voting inflation
- Other forms of abuse (DDoS and web-site scraping)
The idea for this service stemmed from two Zscaler blog posts:
We attempted to remove anything that we deemed to be a false positive, but since this listing is based on a few things like regular expressions and behavioral patterns, it is still possible that the database contains false positives. Use this information at your own discretion.
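
The case described at the top of this post (login POSTs relayed through a proxy under a "Googlebot" user-agent) can be matched with a regular expression plus a simple behavioral threshold. The sketch below is an added example, not the code behind this service; the log format, the login-URL pattern, the thresholds, and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed log format for this example: client_ip METHOD url "user-agent"
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "(?P<ua>[^"]*)"$')
LOGIN_RE = re.compile(r"login|signin|auth", re.I)  # illustrative login-URL pattern
BOT_RE = re.compile(r"googlebot", re.I)

BOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0"

# Constructed sample data (reserved test addresses and .example hosts).
# Parameter values are empty, mirroring the stripped URLs described in the post.
SAMPLE_LOG = "\n".join([
    f'198.51.100.7 POST http://filehost-a.example/login.php?user=&pass= "{BOT_UA}"',
    f'198.51.100.7 POST http://filehost-a.example/login.php?user=&pass= "{BOT_UA}"',
    f'198.51.100.7 POST http://filehost-b.example/?c=login "{BOT_UA}"',
    f'198.51.100.7 POST http://webmail.example/auth/signin?u=&p= "{BOT_UA}"',
    f'198.51.100.8 GET http://filehost-a.example/login.php "{BOT_UA}"',
    f'198.51.100.9 POST http://webmail.example/auth/signin?u=&p= "{BROWSER_UA}"',
    f'198.51.100.10 POST http://filehost-b.example/?c=login "{BOT_UA}"',
    "this line is malformed and is skipped",
])

def find_abusive_clients(log_text, min_posts=3, min_hosts=2):
    """Flag client IPs that POST to login URLs on several hosts as 'Googlebot'."""
    posts = defaultdict(int)
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line
        # Regex part: a crawler user-agent combined with a login POST.
        if m["method"] != "POST" or not BOT_RE.search(m["ua"]):
            continue
        url = urlsplit(m["url"])
        if not LOGIN_RE.search(url.path + "?" + url.query):
            continue
        posts[m["ip"]] += 1
        hosts[m["ip"]].add(url.hostname)
    # Behavioral part: require volume and spread across hosts, so that a
    # single odd request does not list a client (false-positive guard).
    return {ip: {"posts": n, "hosts": sorted(hosts[ip])}
            for ip, n in posts.items()
            if n >= min_posts and len(hosts[ip]) >= min_hosts}

if __name__ == "__main__":
    print(find_abusive_clients(SAMPLE_LOG))
```

Lowering `min_posts` and `min_hosts` to 1 also lists 198.51.100.10, which made only a single matching request; that is the trade-off between coverage and false positives noted above.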