In looking at my website hit logs I realize that over the past week I’ve had repeated hits from qq829.com, apparently originating from various provinces in China. The referring link seems to always be www.qq829.com/web_stat.asp?dn=www.joelwnelson.com which at first glance indicates a stats module, but considering I don’t have any stats hosted by them, I immediately guessed malicious activity.

Turns out I was right.  First, I visited the URL in question and copied the source code.  Then I ran the source code through Google Translate.  Sure enough, multiple references to hacking, and message snippets intended to inject spam text into the site.

Next, because these attempts have been coming from all around China, and not from just one IP address, I made the decision to block all traffic coming from China.  I also noticed that some other sites I manage were receiving similar hits, so I have also blocked traffic from China on those sites as well (this includes the websites for Cornhusker Tech and Grace Reformed Church). Other client sites still have open access from China but this can be turned off (blocked) by request.

Again, until further notice, this site and others I manage will not be reachable from China. Because the locations and IP ranges of these hackers/spammers are widespread, I have no other choice but to block the entire country.
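To check whether another site's logs show the same pattern described above (a third-party referrer URL that carries the site's own domain in its query string, arriving from many different client addresses), here is an added example that is not part of the original post. It assumes Apache "combined" log format; the function name, the `min_ips` threshold, and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" format:
# ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines (documentation-range IPs, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2000:10:01:22 +0000] "GET / HTTP/1.1" 200 5120 "http://www.qq829.com/web_stat.asp?dn=www.joelwnelson.com" "Mozilla/4.0"',
    '198.51.100.23 - - [01/Jan/2000:10:04:51 +0000] "GET / HTTP/1.1" 200 5120 "http://www.qq829.com/web_stat.asp?dn=www.joelwnelson.com" "Mozilla/4.0"',
    '192.0.2.10 - - [01/Jan/2000:11:15:03 +0000] "GET / HTTP/1.1" 200 5120 "http://www.qq829.com/web_stat.asp?dn=www.joelwnelson.com" "Mozilla/4.0"',
    '192.0.2.44 - - [01/Jan/2000:11:20:09 +0000] "GET /about/ HTTP/1.1" 200 2048 "http://www.joelwnelson.com/" "Mozilla/5.0"',
    '192.0.2.45 - - [01/Jan/2000:11:21:30 +0000] "GET / HTTP/1.1" 200 5120 "http://www.google.com/search?q=grace+reformed+church" "Mozilla/5.0"',
    '192.0.2.46 - - [01/Jan/2000:11:22:00 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
]

def suspicious_referrers(lines, own_domain, min_ips=2):
    """Return {referrer host: sorted client IPs} for third-party referrers
    whose query string names own_domain, seen from at least min_ips IPs."""
    own = own_domain.lower()
    bare = own[4:] if own.startswith("www.") else own
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in combined format
        try:
            ref = urlsplit(m.group("referer"))
            host = (ref.hostname or "").lower()
        except ValueError:
            continue  # malformed referrer URL
        if not host or host == bare or host.endswith("." + bare):
            continue  # no referrer ("-"), or a link from the site itself
        # Flag referrers that pass our own domain as a query parameter value.
        if any(bare in value.lower() for _, value in parse_qsl(ref.query)):
            seen[host].add(m.group("ip"))
    return {h: sorted(ips) for h, ips in seen.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    for host, ips in suspicious_referrers(SAMPLE_LOG, "www.joelwnelson.com").items():
        print(f"{host}: {len(ips)} distinct client IPs -> {', '.join(ips)}")
```

A search-engine referrer can also carry the domain in its query string, so review the flagged hosts before acting on them.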

For others who would like to do the same, here is some text to copy and paste into your .htaccess file so as to block all Chinese traffic. Credit to blockacountry.com and okean.com for info on how to do this!