Welcome to WebmasterWorld Guest from 54.161.64.174

Forum Moderators: phranque

Message Too Old, No Replies

Hacking attempt or legitimate visitors

How to find out?

     
4:52 pm on Sep 6, 2005 (gmt 0)

10+ Year Member



I have a small website with 300-600 page views per day for nearly 8 months. For the last 6 hours , I have been getting 300 page views per hour for page abc.html . All these abnormal referrals are from google.de for a search string for which i am #1 (number of searches on overture =zero) . my error logs also show a string abc.html+-+15k. When I asked my hosting company to stop this attack, they say that your website is ranking high for this search term and all these visitors are legitimate. They also say that I will be charged for the extra bandwidth consumed.
How do i prove that it is hacking attempt and take action?
5:38 pm on Sep 6, 2005 (gmt 0)

5+ Year Member



Hi,

I have had a similar problem with one of my web sites. In my case, I am fairly certain that it is was a fake traffic based on three things.

#1 - My Adsense CTR for that page was exactly 10%. (That's not very close to my average.)

#2 - None of the visitors went to any other pages.

#3 - Visitors came in six minutes intervals.

What you should do is download and analyze your raw access logs. Look to see if any of the visitors did anything besides visit page abc.html. Also, look at the time intervals between each visit.

Having visitors come exactly six minutes apart from one search engine using the same exact same search phrase for five hours straight is not normal behavior.

Also, make a quick list of 25-50 suspicious IP numbers and try to determine where they are originate from. In my case, I traced many of the IP numbers back to open proxies.

6:34 pm on Sep 6, 2005 (gmt 0)

WebmasterWorld Senior Member jomaxx is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I wouldn't characterize it as "hacking" or an "attack". 300 pageviews an hour isn't that much activity - one normal visitor could use up more bandwidth. This is probably just a misbehaving bot, annoying but common and fairly harmless. I see these on my site literally every day.

If you have access to .htaccess files, you can ban the traffic by IP address or by browser ID or by referring page. That should handle your bandwidth concerns.

P.S. If the IP addresses and browser IDs are diverse, you should consider the possibility that the traffic really is genuine. Maybe some high-traffic site happened to link to the Google search for this phrase.

2:17 am on Sep 7, 2005 (gmt 0)

10+ Year Member



they are coming from a different IPs and different browsers, so I cant ban using .htaccess

the attacks were exactly 5 times a minute, continuously for 7 hours

the visitor did not go beyond a single page

the phrase is the name of Turkish lady, I dont think any humans are searching continuously for the information

I had adsense on that page, when I realised that someone was attacking the page, I removed the page to stop bandwidth usage.
Now I can only hope that i am not banned from Adsense

2:44 am on Sep 7, 2005 (gmt 0)

WebmasterWorld Senior Member jomaxx is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Just reiterating that if it happens again, you can also block access by referring page. Same principle as blocking image hotlinking.

You might want to contact Google proactively if you haven't already done so. Normally a spider wouldn't generate AdSEnse impressions or clicks, but it's possible.

3:59 pm on Sep 7, 2005 (gmt 0)

10+ Year Member



I have already contacted google. The number of visitors has reduced. Thanks for all your replies.How does one trace proxies accurately?
 

Featured Threads

Hot Threads This Week

Hot Threads This Month