Welcome to Geeklog, Anonymous Wednesday, June 19 2024 @ 10:20 am EDT

Geeklog Forums

Site getting hit.


Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
Is anyone else's Geeklog site (especially the forum) getting to many pageviews yesterday and today? On average for every unqiue user I get 4 page views. Today the average is 8 and according to GUS it is happening from a large number of IPs that are located in China, Russia, and the United States. I am use to having 25 or so IPs doing this everyday but today it is about 200 and none of the IP's have a Referrer.

Here are the first 2 pages of my GUS stats for today with page views as the sort order (I took out Yahoo and Googlebot):

Page Views HOST
313 ----- 211.239.124.90 00:16
143 ----- 41.214.66.203 08:04
132 ----- 66-169-164-211.dhcp.ftwo.tx.charter.com 12:55
114 ----- 116.228.234.151 00:02
112 ----- 84.22.140.88 00:00
97 ----- n11923634116.netvigator.com 00:05
96 ----- 71-81-209-108.dhcp.stls.mo.charter.com 00:55
96 ----- 24-107-159-205.dhcp.stls.mo.charter.com 00:22
91 ----- c-24-21-196-136.hsd1.or.comcast.net 00:24
91 ----- 222.134.69.181 00:21
91 ----- c-68-35-210-84.hsd1.al.comcast.net 00:10
85 ----- 75.63.14.63 05:33
84 ----- 173-22-106-92.client.mchsi.com 00:44
80 ----- adsl-71-136-244-107.dsl.sndg02.pacbell.net 00:01
79 ----- 218.25.99.135 00:22
75 ----- adsl-76-214-117-66.dsl.ipltin.sbcglobal.net 00:19
74 ----- c-67-174-111-74.hsd1.co.comcast.net 00:20
73 ----- ool-43561c0a.dyn.optonline.net 03:53
72 ----- 194.8.75.50 07:17
72 ----- 8.9.209.2 00:36
71 ----- 116.71.89.189.cliente.interjato.com.br 08:51
71 ----- cpe-65-29-110-184.mi.res.rr.com 02:50
68 ----- c-24-126-50-249.hsd1.md.comcast.net 00:58


67 ----- 62.38.34.218 00:05
66 ----- 193.239.178.194 05:31
66 ----- 219.150.227.101 00:25
65 ----- 60.18.168.172 02:26
65 ----- 75-135-132-235.dhcp.trcy.mi.charter.com 00:55
65 ----- c-67-170-170-67.hsd1.or.comcast.net 00:35
65 ----- ool-45706318.dyn.optonline.net 00:34
65 ----- 201.45.142.178 00:12
65 ----- 93.174.93.58 00:06
64 ----- c-24-30-83-34.hsd1.ga.comcast.net 00:27
64 ----- c-68-49-14-71.hsd1.md.comcast.net 00:22
64 ----- e106.dunet.com.br 00:19
63 ----- bakuganbestprice.com 00:39
62 ----- 68-117-11-98.dhcp.fdul.wi.charter.com 06:23
62 ----- 59.77.6.183 01:58
61 ----- ool-18be4e65.dyn.optonline.net 00:12
61 ----- wall.zjnb.cnuninet.net 00:06
60 ----- c-24-125-126-143.hsd1.va.comcast.net 06:37
60 ----- cpe-68-173-126-40.nyc.res.rr.com 05:30
60 ----- 66.96.251.178.volumedrive.com 02:09
59 ----- 39.65.153.219.broad.cq.cq.dynamic.163data.com.cn 00:26
58 ----- 41.214.119.84 08:20
58 ----- 218.248.31.211 02:45
58 ----- aworklan020043.netvigator.com 00:16
53 ----- 66-168-50-250.dhcp.mdsn.wi.charter.com 14:23
One of the Geeklog Core Developers.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Did you check your webserver logs to see the actual URLs requested? We're still getting a lot of those inclusion attempts (where the "attacker" simply puts a URL for some URL parameter and hopes that the script at the other end gets executed). On a bad day, those can make up to 30% of our hits ...

Another case of spikes comes when a vulnerability is found in some other webapp. I stopped counting the attempts to exploit some Joomla issue here on geeklog.net.

bye, Dirk
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
I guess today and the last few days have been bad days then as a third of my traffic at the moment is this type of traffic. I am use to this figure being around 10 percent.

I'll have to look at the web logs as you suggest to get more details. From what I can tell with GUS most of the IPs are spidering my site by grabing a couple of pages every 10 minutes.

One interesting thing to note is Google Analytics seems to recognize the traffic as garbage and does not track it.
One of the Geeklog Core Developers.
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
Are you running Badbehavior plugin?

You may check the domains with Google: http://www.google.de/search?q=211.239.124.90
 Quote

Status: offline

scarecrow

Forum User
Junior
Registered: 10/24/07
Posts: 33
Here in the last week my MFU (Most Frequent User) seems to be our friend from China, SosoSpider. The site has been getting 200-300 hits per day from various IP's in the 124.115.*.* range. Every visit is the same, 2 GET's and 2 HEAD's on index.php. They all made it under the BB/Spam-x radar, but good ol' .htaccess stop's 'em cold. Razz

(btw: 'MFU' _may_ have a differrent meaning here in the shop. ) :wink:
 Quote

All times are EDT. The time is now 10:20 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content