16K hits from 1 IP in a few minutes. Trouble?

Discussion in 'General Casino Affiliate Area' started by Peter-Jan, Jan 15, 2010.

  1.  
    Peter-Jan

    Peter-Jan Affiliate Guard Dog Member

    Joined:
    Dec 1, 2009
    Messages:
    88
    Likes Received:
    0
    Jan 15, 2010
    Hi,

    About 30 minutes ago I suddenly had exactly 100 simultaneous visits in my forum for a few minutes. These are the server stats:

    IP: 81.165.104.81
    Pages:5330
    Hits:16373
    Bandwidth: 137.07 MB
    Date&time:15 Jan 2010 - 09:53

    So what was this? Some kind of amateuristic spider? Or a sophisticated threat I should be aware of?

    Thanks!

    Edit: Wow was too sleepy before and didn't notice this is coming from my OWN IP address !! Hmm will do security scan on my PC, totally puzzled now...
     
    Last edited: Jan 15, 2010
  2.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Joined:
    Dec 13, 2006
    Messages:
    7,721
    Likes Received:
    1,131
    Jan 15, 2010
    I would take a look at the Apache log to find out what it was 'hitting'. My guess would be that it is some sort of threat, but depending upon what it was after will determine the threat. Could be a spider that is trying to duplicate your content (which is what it kinda sounds like to me).
     
  3.  
    lots0

    lots0 Affiliate Guard Dog Member

    Joined:
    Sep 17, 2009
    Messages:
    595
    Likes Received:
    2
    Jan 15, 2010
    That is a Telenet IP out of Europe...

    There is a VERY good chance someone was probing for security holes.

    Were they hitting any strange looking URLs?
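
The log check suggested in the two replies above (what the address was hitting, and whether any URLs look strange), as an added example that is not from the thread or any poster. It assumes Apache's combined log format; the function name `summarize_ip` and the sample log lines, addresses and paths are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<ref>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Constructed sample lines (documentation addresses, made-up paths), not from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jan/2010:09:53:01 +0100] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"
203.0.113.7 - - [15/Jan/2010:09:53:01 +0100] "GET /forum/viewtopic.php?t=12 HTTP/1.1" 200 7301 "-" "ExampleBot/1.0"
203.0.113.7 - - [15/Jan/2010:09:53:02 +0100] "GET /forum/admin/ HTTP/1.1" 404 312 "-" "ExampleBot/1.0"
198.51.100.4 - - [15/Jan/2010:09:53:02 +0100] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Jan/2010:09:54:10 +0100] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"
not a log line
"""

def summarize_ip(log_text, ip):
    """Summarise what one client address requested, from raw access-log text."""
    paths, statuses, agents, per_minute = Counter(), Counter(), Counter(), Counter()
    times, total_bytes = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] != ip:
            continue  # skip malformed lines and other clients
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        times.append(ts)
        per_minute[ts.strftime("%H:%M")] += 1
        paths[m["path"]] += 1
        statuses[m["status"]] += 1       # many 404s: requests for pages that do not exist
        agents[m["agent"] or "-"] += 1   # the client's self-reported User-Agent
        if m["size"].isdigit():          # Apache logs "-" when no body was sent
            total_bytes += int(m["size"])
    return {
        "hits": len(times),
        "window": (min(times), max(times)) if times else None,
        "bytes": total_bytes,
        "peak_per_minute": max(per_minute.values(), default=0),
        "top_paths": paths.most_common(10),
        "statuses": dict(statuses),
        "agents": dict(agents),
    }

if __name__ == "__main__":
    print(summarize_ip(SAMPLE_LOG, "203.0.113.7"))
```

Running the same summary over the real access log for the address in question gives the paths, status codes and user agent to compare against what the stats package reported.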
     
  4.  
    Peter-Jan

    Peter-Jan Affiliate Guard Dog Member

    Jan 15, 2010
    You mean Telenet as in the Belgian Telecom Company?

    (I live in Belgium, so that would mean it could be someone that I know - or someone who at least knows me.)

    Edit: This IP also hit my cpanel page.
     
    Last edited: Jan 15, 2010
  5.  
    Peter-Jan

    Peter-Jan Affiliate Guard Dog Member

    Jan 15, 2010
    Only found part of the pages this IP visited but as my site is still working fine, I guess they just want access to my server to copy the server side scripts... because copying the content on my site seems quite pointless to me - PlayersBay is not a content site.

    I'll tell my hosting about it so they can block other IPs.
     
  6.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Jan 15, 2010
    Telnet is a protocol that uses a specific port. Ports allow access to computers. Essentially, he was checking for open ports in order to 'break in' (most likely).
     
  7.  
    tryme1

    tryme1 Affiliate Guard Dog Member

    Joined:
    Mar 2, 2009
    Messages:
    681
    Likes Received:
    56
    Jan 15, 2010
    Some confusion here:

    Telnet, which Guard Dog is talking about, is not the same as Telenet, which is, as you know, a Belgian internet service provider.

    You say this is your own IP: if it was me, I'd take this approach first:

    Is my IP unique or is it shared with other Telenet users?

    Is there a problem with my stats and how they record sessions?

    Then I would start to move on to: how is my IP being spoofed, what can my host do to identify the real source of this traffic, what can we do to prevent a problem in the future.

    I certainly wouldn't immediately assume the worst.
     
  8.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Jan 15, 2010
    ooops! I re-read and see where I missed a letter (and an entire concept for that matter). Sorry and disregard my post.
     
  9.  
    lots0

    lots0 Affiliate Guard Dog Member

    Jan 15, 2010
    Ah I'm one of those that assumes the worst and if it turns out not so bad.. I celebrate. ;)

    I said it was a "very good chance" based on some recent experience with Telenet.

    I didn't even think of a spoofed IP, which is a real possibility.
     
  10.  
    tryme1

    tryme1 Affiliate Guard Dog Member

    Jan 15, 2010
    Hey, Lots0,

    your approach of 'assuming the worst' is probably more pragmatic, but I would rule out the less scary options first.
     
