Posts tagged ‘IP’

Analysis of Black Friday Data Reveals Shift in Attack Vectors

December 8, 2014 12:08 am


Akamai can see and analyze enormous amounts of attack data during events such as Black Friday. This year they tracked requests coming into dozens of online retailers over 24 hour...


SatLink and Pi Telecom to offer Cloud-based TV Everywhere platform

September 30, 2014 10:00 am


SatLink Communications has announced a partnership with Pi Telecom. Through the partnership, SatLink is expanding into the IP delivery market by bringing the best of TV online through the launch of a new End-to-End (E2E) OTT Cloud-based platform.

Following Sale To RTL, SpotXchange Partners With 2 European Networks

September 11, 2014 10:07 am


SpotXchange, the Denver-based supply-side platform (SSP) that was majority-acquired by European media company RTL Group this summer, this week made its first moves to expand in Europe post-acquisition. SpotXchange has partnered with IP Deutschland’s Netzathleten Media and RTL Nederland’s Videostrip.

Bot Protection: How To Stop Web Bots In Their Tracks

September 3, 2014 12:00 pm


By Charlie Minesinger, Director of Sales, Distil Networks

After learning about the dangers of web bots and how they can hurt your website, your sales and your business as a whole, you’ll likely want to take every precaution possible to prevent an attack and remove bot traffic from your website. There are some steps you can take on your own, like implementing CAPTCHAs on forms or blocking IP addresses, but you do not want to ruin the user experience and possibly block IP addresses of major consumer ISPs.

How to Choose a Bot Protection Solution

To ensure your site and business have the best protections available, it’s important to choose a solution that does not rely on IP addresses alone; provides real-time detection and mitigation (without adding even 10 milliseconds of latency); offers very high accuracy (at or above 99 percent); and constantly learns and improves.

So, when evaluating bot protection solutions, you’ll want to look for these items:

  • Multiple detection technologies – A truly comprehensive bot prevention tool won’t just offer one or two layers of protection for your site, but will employ a wide range of technologies – JavaScript, statistical methods, artificial intelligence (or support vector machine), user-agent validation, rate limits based on Unique ID, geographic analysis, and a network learning capability.
  • Constantly improving – A great bot protection solution relies on R&D and network learning processes, maintaining a shared database with a Unique ID for each bot so that bots can be detected immediately, before any bot activity reaches your web servers. The best bot protection solutions are also constantly evolving and investing in R&D to maintain an edge in the “arms race” of website security.
  • Ability to target all kinds of bots – If you really want to protect your website, then you’ll need a solution that targets not just one type of bot, but all of them. An effective bot protection tool should protect against content theft and duplication, click fraud, traffic fraud, comment spam, server slowdowns, and any other attacks a bot could deliver.

You can find efficient, comprehensive solutions for blocking bots and protecting your website with Distil Networks. Distil’s protection service eliminates content theft, stops fraud bots, and alerts you to any and all potential bot attacks; in fact, Distil identifies 99.9 percent of bot page requests in real time. To learn more about Distil Networks, visit or contact the Distil team today.

Linux Systems Exploited for DDoS Attacks

September 3, 2014 7:56 am


Linux users have a new threat to worry about.

According to Akamai’s Prolexic Security Engineering Research Team (PLXsert), the bad guys have discovered a weakness in Linux systems they can exploit to expand their botnets and launch DDoS attacks. PLXsert released an advisory outlining the danger this morning.

  • The full advisory is available HERE.
  • Also read Akamai Security Advocate Dave Lewis’ CSOonline blog post about the threat.

The favored target in this attack is the entertainment industry, though other business sectors are at risk.

In this attack scenario, vulnerable Linux systems are infected with IptabLes and IptabLex malware. Attackers manage to compromise large numbers of Linux systems by exploiting vulnerabilities in Apache Struts, Tomcat and Elasticsearch.

Attackers use the Linux vulnerabilities on unmaintained servers to gain access, escalate privileges to allow remote control of the machine, then drop the malware into the system. This allows them to hijack those systems, which are then pulled into botnets used to launch DDoS attacks.

Stuart Scholly, senior vice president and general manager of Akamai’s Security Business Unit, calls this a significant development because the Linux operating system is rarely used in DDoS botnets.

“Linux admins need to know about this threat to take action to protect their servers,” he said.

Here are some of the raw details from the advisory:

A post-infection indication is a payload named .IptabLes or .IptabLex located in the /boot directory. These script files run the .IptabLes binary on reboot. The malware also contains a self-updating feature that causes the infected system to contact a remote host to download a file. In the lab environment, an infected system attempted to contact two IP addresses located in Asia.

Command and control centers (C2, CC) for IptabLes and IptabLex are currently located in Asia. Infected systems were initially known to be in Asia; however, more recently many infections were observed on servers hosted in the U.S. and in other regions. In the past, most DDoS bot infections originated from Russia, but now Asia appears to be a significant source of DDoS development.

Patching and hardening Linux servers and antivirus detection can prevent an IptabLes or IptabLex infestation on Linux systems. Meanwhile, PLXsert is providing customers with bash commands to clean infected systems. PLXsert also shares a YARA rule in the threat advisory to identify the ELF IptabLes payload used in an observed attack campaign.
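
As an added example (not part of the PLXsert advisory or the original post), the /boot indicator described above can be checked with a short shell function. The function name, the optional root argument (for scanning a mounted disk image instead of the live host) and the temporary demo tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the post-infection indicator named in the advisory,
# a file called .IptabLes or .IptabLex under /boot.
# The root argument is an assumption of this example: "/" for a live host,
# or the mount point of a disk image that is being examined offline.
# Exit status: 0 = indicator found, 1 = not found, 2 = no boot directory.
scan_boot_indicators() {
    root="${1:-/}"
    boot_dir="${root%/}/boot"
    if [ ! -d "$boot_dir" ]; then
        echo "no boot directory at $boot_dir" >&2
        return 2
    fi
    # The names start with a dot, so a plain `ls /boot` does not show them,
    # and they are matched case-sensitively (capital I and L).
    hits=$(find "$boot_dir" \( -name '.IptabLes' -o -name '.IptabLex' \) \
        -print 2>/dev/null)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 0
    fi
    return 1
}

# Constructed demo tree (empty placeholder files, not real samples).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/boot"
: > "$demo_root/boot/.IptabLes"
: > "$demo_root/boot/vmlinuz-sample"
echo "Indicator files found in constructed tree:"
scan_boot_indicators "$demo_root"
rm -rf "$demo_root"
```

A hit on the file name alone is only a starting point for triage; the advisory's YARA rule is what identifies the ELF payload itself.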

The FBI is tracking Tor users with spyware and a new kind of warrant

August 5, 2014 2:21 pm


Tor has been a thorn in the side of law enforcement for years now, but new work from Wired’s Kevin Poulsen shows the FBI has found a new way to track users across the network. Poulsen looks at the 2012 case of Aaron McGrath, who agents found hosting child pornography on a network of servers in Nebraska. Looking to expand on the bust, agents got a warrant to track anyone who visited the website at its Tor address, and infected servers with tracking malware to identify the root IP of anyone who visited the site. As a result, agents were able to track at least 25 users back to home addresses and subscriber names.