homepage Welcome to WebmasterWorld Guest from 54.166.255.168
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Hacking attempt or legitimate visitors
How to find out?
caran1

5+ Year Member



 
Msg#: 9713 posted 4:52 pm on Sep 6, 2005 (gmt 0)

I have a small website with 300-600 page views per day for nearly 8 months. For the last 6 hours , I have been getting 300 page views per hour for page abc.html . All these abnormal referrals are from google.de for a search string for which i am #1 (number of searches on overture =zero) . my error logs also show a string abc.html+-+15k. When I asked my hosting company to stop this attack, they say that your website is ranking high for this search term and all these visitors are legitimate. They also say that I will be charged for the extra bandwidth consumed.
How do i prove that it is hacking attempt and take action?

 

dial_d

5+ Year Member



 
Msg#: 9713 posted 5:38 pm on Sep 6, 2005 (gmt 0)

Hi,

I have had a similar problem with one of my web sites. In my case, I am fairly certain that it is was a fake traffic based on three things.

#1 - My Adsense CTR for that page was exactly 10%. (That's not very close to my average.)

#2 - None of the visitors went to any other pages.

#3 - Visitors came in six minutes intervals.

What you should do is download and analyze your raw access logs. Look to see if any of the visitors did anything besides visit page abc.html. Also, look at the time intervals between each visit.

Having visitors come exactly six minutes apart from one search engine using the same exact same search phrase for five hours straight is not normal behavior.

Also, make a quick list of 25-50 suspicious IP numbers and try to determine where they are originate from. In my case, I traced many of the IP numbers back to open proxies.

jomaxx

WebmasterWorld Senior Member jomaxx us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 9713 posted 6:34 pm on Sep 6, 2005 (gmt 0)

I wouldn't characterize it as "hacking" or an "attack". 300 pageviews an hour isn't that much activity - one normal visitor could use up more bandwidth. This is probably just a misbehaving bot, annoying but common and fairly harmless. I see these on my site literally every day.

If you have access to .htaccess files, you can ban the traffic by IP address or by browser ID or by referring page. That should handle your bandwidth concerns.

P.S. If the IP addresses and browser IDs are diverse, you should consider the possibility that the traffic really is genuine. Maybe some high-traffic site happened to link to the Google search for this phrase.

caran1

5+ Year Member



 
Msg#: 9713 posted 2:17 am on Sep 7, 2005 (gmt 0)

they are coming from a different IPs and different browsers, so I cant ban using .htaccess

the attacks were exactly 5 times a minute, continuously for 7 hours

the visitor did not go beyond a single page

the phrase is the name of Turkish lady, I dont think any humans are searching continuously for the information

I had adsense on that page, when I realised that someone was attacking the page, I removed the page to stop bandwidth usage.
Now I can only hope that i am not banned from Adsense

jomaxx

WebmasterWorld Senior Member jomaxx us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 9713 posted 2:44 am on Sep 7, 2005 (gmt 0)

Just reiterating that if it happens again, you can also block access by referring page. Same principle as blocking image hotlinking.

You might want to contact Google proactively if you haven't already done so. Normally a spider wouldn't generate AdSEnse impressions or clicks, but it's possible.

caran1

5+ Year Member



 
Msg#: 9713 posted 3:59 pm on Sep 7, 2005 (gmt 0)

I have already contacted google. The number of visitors has reduced. Thanks for all your replies.How does one trace proxies accurately?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved