Welcome to Geeklog, Anonymous Monday, December 30 2024 @ 12:30 pm EST
Geeklog Forums
Site getting hit.
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
Is anyone else's Geeklog site (especially the forum) getting to many pageviews yesterday and today? On average for every unqiue user I get 4 page views. Today the average is 8 and according to GUS it is happening from a large number of IPs that are located in China, Russia, and the United States. I am use to having 25 or so IPs doing this everyday but today it is about 200 and none of the IP's have a Referrer.
Here are the first 2 pages of my GUS stats for today with page views as the sort order (I took out Yahoo and Googlebot):
Page Views HOST
313 ----- 211.239.124.90 00:16
143 ----- 41.214.66.203 08:04
132 ----- 66-169-164-211.dhcp.ftwo.tx.charter.com 12:55
114 ----- 116.228.234.151 00:02
112 ----- 84.22.140.88 00:00
97 ----- n11923634116.netvigator.com 00:05
96 ----- 71-81-209-108.dhcp.stls.mo.charter.com 00:55
96 ----- 24-107-159-205.dhcp.stls.mo.charter.com 00:22
91 ----- c-24-21-196-136.hsd1.or.comcast.net 00:24
91 ----- 222.134.69.181 00:21
91 ----- c-68-35-210-84.hsd1.al.comcast.net 00:10
85 ----- 75.63.14.63 05:33
84 ----- 173-22-106-92.client.mchsi.com 00:44
80 ----- adsl-71-136-244-107.dsl.sndg02.pacbell.net 00:01
79 ----- 218.25.99.135 00:22
75 ----- adsl-76-214-117-66.dsl.ipltin.sbcglobal.net 00:19
74 ----- c-67-174-111-74.hsd1.co.comcast.net 00:20
73 ----- ool-43561c0a.dyn.optonline.net 03:53
72 ----- 194.8.75.50 07:17
72 ----- 8.9.209.2 00:36
71 ----- 116.71.89.189.cliente.interjato.com.br 08:51
71 ----- cpe-65-29-110-184.mi.res.rr.com 02:50
68 ----- c-24-126-50-249.hsd1.md.comcast.net 00:58
67 ----- 62.38.34.218 00:05
66 ----- 193.239.178.194 05:31
66 ----- 219.150.227.101 00:25
65 ----- 60.18.168.172 02:26
65 ----- 75-135-132-235.dhcp.trcy.mi.charter.com 00:55
65 ----- c-67-170-170-67.hsd1.or.comcast.net 00:35
65 ----- ool-45706318.dyn.optonline.net 00:34
65 ----- 201.45.142.178 00:12
65 ----- 93.174.93.58 00:06
64 ----- c-24-30-83-34.hsd1.ga.comcast.net 00:27
64 ----- c-68-49-14-71.hsd1.md.comcast.net 00:22
64 ----- e106.dunet.com.br 00:19
63 ----- bakuganbestprice.com 00:39
62 ----- 68-117-11-98.dhcp.fdul.wi.charter.com 06:23
62 ----- 59.77.6.183 01:58
61 ----- ool-18be4e65.dyn.optonline.net 00:12
61 ----- wall.zjnb.cnuninet.net 00:06
60 ----- c-24-125-126-143.hsd1.va.comcast.net 06:37
60 ----- cpe-68-173-126-40.nyc.res.rr.com 05:30
60 ----- 66.96.251.178.volumedrive.com 02:09
59 ----- 39.65.153.219.broad.cq.cq.dynamic.163data.com.cn 00:26
58 ----- 41.214.119.84 08:20
58 ----- 218.248.31.211 02:45
58 ----- aworklan020043.netvigator.com 00:16
53 ----- 66-168-50-250.dhcp.mdsn.wi.charter.com 14:23
One of the Geeklog Core Developers.
Here are the first 2 pages of my GUS stats for today with page views as the sort order (I took out Yahoo and Googlebot):
Page Views HOST
313 ----- 211.239.124.90 00:16
143 ----- 41.214.66.203 08:04
132 ----- 66-169-164-211.dhcp.ftwo.tx.charter.com 12:55
114 ----- 116.228.234.151 00:02
112 ----- 84.22.140.88 00:00
97 ----- n11923634116.netvigator.com 00:05
96 ----- 71-81-209-108.dhcp.stls.mo.charter.com 00:55
96 ----- 24-107-159-205.dhcp.stls.mo.charter.com 00:22
91 ----- c-24-21-196-136.hsd1.or.comcast.net 00:24
91 ----- 222.134.69.181 00:21
91 ----- c-68-35-210-84.hsd1.al.comcast.net 00:10
85 ----- 75.63.14.63 05:33
84 ----- 173-22-106-92.client.mchsi.com 00:44
80 ----- adsl-71-136-244-107.dsl.sndg02.pacbell.net 00:01
79 ----- 218.25.99.135 00:22
75 ----- adsl-76-214-117-66.dsl.ipltin.sbcglobal.net 00:19
74 ----- c-67-174-111-74.hsd1.co.comcast.net 00:20
73 ----- ool-43561c0a.dyn.optonline.net 03:53
72 ----- 194.8.75.50 07:17
72 ----- 8.9.209.2 00:36
71 ----- 116.71.89.189.cliente.interjato.com.br 08:51
71 ----- cpe-65-29-110-184.mi.res.rr.com 02:50
68 ----- c-24-126-50-249.hsd1.md.comcast.net 00:58
67 ----- 62.38.34.218 00:05
66 ----- 193.239.178.194 05:31
66 ----- 219.150.227.101 00:25
65 ----- 60.18.168.172 02:26
65 ----- 75-135-132-235.dhcp.trcy.mi.charter.com 00:55
65 ----- c-67-170-170-67.hsd1.or.comcast.net 00:35
65 ----- ool-45706318.dyn.optonline.net 00:34
65 ----- 201.45.142.178 00:12
65 ----- 93.174.93.58 00:06
64 ----- c-24-30-83-34.hsd1.ga.comcast.net 00:27
64 ----- c-68-49-14-71.hsd1.md.comcast.net 00:22
64 ----- e106.dunet.com.br 00:19
63 ----- bakuganbestprice.com 00:39
62 ----- 68-117-11-98.dhcp.fdul.wi.charter.com 06:23
62 ----- 59.77.6.183 01:58
61 ----- ool-18be4e65.dyn.optonline.net 00:12
61 ----- wall.zjnb.cnuninet.net 00:06
60 ----- c-24-125-126-143.hsd1.va.comcast.net 06:37
60 ----- cpe-68-173-126-40.nyc.res.rr.com 05:30
60 ----- 66.96.251.178.volumedrive.com 02:09
59 ----- 39.65.153.219.broad.cq.cq.dynamic.163data.com.cn 00:26
58 ----- 41.214.119.84 08:20
58 ----- 218.248.31.211 02:45
58 ----- aworklan020043.netvigator.com 00:16
53 ----- 66-168-50-250.dhcp.mdsn.wi.charter.com 14:23
One of the Geeklog Core Developers.
12
15
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Did you check your webserver logs to see the actual URLs requested? We're still getting a lot of those inclusion attempts (where the "attacker" simply puts a URL for some URL parameter and hopes that the script at the other end gets executed). On a bad day, those can make up to 30% of our hits ...
Another case of spikes comes when a vulnerability is found in some other webapp. I stopped counting the attempts to exploit some Joomla issue here on geeklog.net.
bye, Dirk
Another case of spikes comes when a vulnerability is found in some other webapp. I stopped counting the attempts to exploit some Joomla issue here on geeklog.net.
bye, Dirk
13
11
Quote
Status: offline
Laugh
Site Admin
Admin
Registered: 09/27/05
Posts: 1470
Location:Canada
I guess today and the last few days have been bad days then as a third of my traffic at the moment is this type of traffic. I am use to this figure being around 10 percent.
I'll have to look at the web logs as you suggest to get more details. From what I can tell with GUS most of the IPs are spidering my site by grabing a couple of pages every 10 minutes.
One interesting thing to note is Google Analytics seems to recognize the traffic as garbage and does not track it.
One of the Geeklog Core Developers.
I'll have to look at the web logs as you suggest to get more details. From what I can tell with GUS most of the IPs are spidering my site by grabing a couple of pages every 10 minutes.
One interesting thing to note is Google Analytics seems to recognize the traffic as garbage and does not track it.
One of the Geeklog Core Developers.
11
13
Quote
Status: offline
1000ideen
Forum User
Full Member
Registered: 08/04/03
Posts: 1298
Are you running Badbehavior plugin?
You may check the domains with Google: http://www.google.de/search?q=211.239.124.90
You may check the domains with Google: http://www.google.de/search?q=211.239.124.90
12
10
Quote
Status: offline
scarecrow
Forum User
Junior
Registered: 10/24/07
Posts: 33
Here in the last week my MFU (Most Frequent User) seems to be our friend from China, SosoSpider. The site has been getting 200-300 hits per day from various IP's in the 124.115.*.* range. Every visit is the same, 2 GET's and 2 HEAD's on index.php. They all made it under the BB/Spam-x radar, but good ol' .htaccess stop's 'em cold. 
(btw: 'MFU' _may_ have a differrent meaning here in the shop. ) :wink:
(btw: 'MFU' _may_ have a differrent meaning here in the shop. ) :wink:
9
13
Quote
All times are EST. The time is now 12:30 pm.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content