Welcome to Stop Bot Nets.com

This site is dedicated to identifying zombies (computers that have been compromised and enlisted in botnets) and informing the owners. To participate, all you need is a website and the ability to copy and paste.

More information for:

About Us

StopBotNets is maintained by James Wolfe. James is a leading developer in the field of botnet prevention.



All you need to do to participate is put the following code just before the </body> tag of your website template.

<script type="text/javascript" src="http://www.stopbotnets.com/zombieDB/id.js"></script>
<img src="http://www.stopbotnets.com/zombieDB/1px.gif" height="1" width="1" alt="" />

Mail Server Administrators

For now, you can best help by setting up a mailbox that collects all of your RDNS and SPF failures and forward its content to zombies@stopBotNets.com.


We are currently looking for talented developers to create sendmail and exchange plugins that will automatically forward all incoming RDNS and SPF failures to our servers. In addition, we are looking for a server based script that will allow us to poll the zombie's computers to check for open ports in order to determine exactly which trojan/virus has been used to compromise the user's machine. If you think you can help, please email developers@dontstopBotNets.com.

Botnet Operators

Please stop stealing from other people.


If you think you have a virus or trojan on your machine, check out to get some help.

The Concept

The idea breaks down into 4 easy and 1 difficult steps.

1. Collect IP & timestamp data from various websites

A user, we'll call him Kenneth, browses the web to his favorite site. There he downloads a small script and a 1x1 transparent .gif file. That gif puts a cookie onto the Kenneth's machine with a unique ID. In addition, it saves the time, the uniqueID, the source domain and Kenneth's current IP into a database. As Kenneth browses the web, we accumulate more and more hits and are able to track his IP over time. We can know when his IP changes. No information other than source domain, IP, date and uniqueID are ever stored.

2. Collect RDNS and SPF failures from various mail servers.

Kenneth's computer has been compromised by hackers and is sending spam to thousands of servers claiming to be ebay.com. The mail servers recognize from ebay's NS record that ebay isn't hosted in Slovenia and therefore identify the mail as a SPF or RDNS failure and put it in a special mailbox for us to retrieve. Our servers download that mail and store the IP address and timestamp into a database.

3. Check the user against the Zombie DB

After many weeks of collecting data, Kenneth visits his favorite site and our servers identify him as being in the confirmed zombie database. Sorry Kenneth.

4. Get users to remove the virus/trojan (the hard part)

Rather than seeing his favorite site Kenneth is forwarded to a special page on AVG Anti-Spyware's website to download their free software and rid himself of trojans, virii and malware forever (or not). Upon successful download, AVG informs our servers and we temporarily remove Kenneth from our zombie database.

5. Rejoice as spam and DDOS attacks cease.

A large party is held during a monster truck rally at the Rosemont Horizon to celebrate the cessation of spam and DDOS attacks worldwide.

Valid XHTML | StopBotNets.com