Tuesday, February 26, 2013

Very suspect website traffic

Adding a mailing script and some logging to the 404 page of my website revealed the scary world of security hacking attempts, spammers, unwanted bots, old links and hopefully no missing files.

The Baidu spider started generating traffic going to URLs that do not even remotely exist on my site, which in particular involve sign-up, join and membership pages. This was later followed by some three-level-deep news URLs, and my website is only one level deep. Other bots started becoming an issue as well, but they did not keep going as long as Baidu did. At least Baidu is a big search engine, but the traffic makes me think that someone was using the search engines to scan my site to get access to sign-up forms for spamming and other reasons. Since Baidu does not know of the URLs, it was most likely sending the bot to check if the URL is valid. If that is the case, then I am happy that I was made aware of these attempts. They all got 301 redirects for their effort.

Another series of visits that I had was a blatant attempt at breaching security by looking for various standard updating URLs of WordPress and other CMS systems, to try to identify what I use for my website plus possibly break in. Due to a custom system and security through obscurity, all of those attempts failed horribly and the 301 redirect list got extended. The CMS login is now also extended to three passwords and only three attempts to log in.

Another recent case that I had was URLs from other sites where "http://" gets stripped out and the rest gets appended to my domain, to maybe get lucky. My entire website is using full URLs, and this was already happening when I used relative URLs.

The user agent string recorded for this was:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MDDR; .NET4.0C; .NET4.0E; .NET CLR 1.1.4322; Tablet PC 2.0); 360Spider

IP Address: 101.226.166.243
HTTP Accept Language: zh-CN
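The signals described above (sign-up/join/membership probes, paths deeper than a one-level site, CMS login probes, and hostnames pasted in as paths) can be pulled into one classifier over the 404 log. This is an added example, not the author's script: the tab-separated log format, the CMS path list beyond WordPress, and the sample IPs and agents are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed 404 log lines: "<ip>\t<path>\t<user-agent>" (format is assumed)
SAMPLE_404_LOG = """\
203.0.113.9\t/signup.php\tMozilla/5.0 (compatible; ExampleBot/1.0)
203.0.113.9\t/news/2013/02/story.html\tMozilla/5.0 (compatible; ExampleBot/1.0)
198.51.100.7\t/wp-login.php\tMozilla/5.0
198.51.100.7\t/administrator/index.php\tMozilla/5.0
192.0.2.44\t/www.example.net/page.html\tMozilla/4.0 (compatible; MSIE 8.0)
192.0.2.5\t/old-article.html\tMozilla/5.0 (X11; Linux)
"""

SITE_DEPTH = 1  # the post's site is only one level deep

# WordPress is named in the post; the other CMS paths are hypothetical examples
CMS_PROBES = ("/wp-login.php", "/wp-admin", "/administrator", "/user/login", "/xmlrpc.php")
MEMBERSHIP_WORDS = re.compile(r"(sign[-_]?up|join|member)", re.I)
# A path that starts with a bare hostname: "http://" was stripped and the rest appended
STRIPPED_SCHEME = re.compile(r"^/(?:www\.)?[a-z0-9-]+(\.[a-z0-9-]+)+/", re.I)


def classify(path):
    """Label one requested path, or return None if it looks like an ordinary dead link."""
    if any(path.startswith(p) for p in CMS_PROBES):
        return "cms-probe"
    if STRIPPED_SCHEME.match(path):
        return "stripped-scheme"
    if MEMBERSHIP_WORDS.search(path):
        return "membership-probe"
    if path.strip("/").count("/") + 1 > SITE_DEPTH:  # deeper than the site goes
        return "too-deep"
    return None


def summarize(log_text):
    """Count suspicious categories per client IP; ordinary 404s are dropped."""
    per_ip = {}
    for line in log_text.splitlines():
        ip, path, _agent = line.split("\t", 2)
        label = classify(path)
        if label:
            per_ip.setdefault(ip, Counter())[label] += 1
    return per_ip


if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE_404_LOG).items():
        print(ip, dict(counts))
```

Only IPs with at least one flagged path appear in the summary, so a plain stale link such as /old-article.html never shows up as a candidate for the redirect list.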
