Ominous (?)
-
Keeping a Google Analytics eye on a website I manage (pro bono) I have observed occasional hits from overseas. They are of three types. 1) Those that picked it as "Nassau" thinking it was an island in the Caribbean (instead of an island in NY) 2) Sporadic ones from nearly anywhere that my be curiosity or Private VPN's 3) From China The last of these is by far the most common. It makes me wonder if the site's being probed for some sort of mayhem (which would be weird - no economic content and this time of year, maybe 5 hits/day on the average). So they really covet want my traffic. Any suggestions or speculations as to what might explain this ?
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
-
Keeping a Google Analytics eye on a website I manage (pro bono) I have observed occasional hits from overseas. They are of three types. 1) Those that picked it as "Nassau" thinking it was an island in the Caribbean (instead of an island in NY) 2) Sporadic ones from nearly anywhere that my be curiosity or Private VPN's 3) From China The last of these is by far the most common. It makes me wonder if the site's being probed for some sort of mayhem (which would be weird - no economic content and this time of year, maybe 5 hits/day on the average). So they really covet want my traffic. Any suggestions or speculations as to what might explain this ?
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
Do you have access to analytics for other websites? Maybe you could compare if you filtered just for odd traffic within certain parameters (like IPs originating from Asia and that don't have a common user agent or something) Basically it would be interesting to see if it's a pattern that's isolated to your website or if other websites get similar pings from China.
Real programmers use butterflies
-
Do you have access to analytics for other websites? Maybe you could compare if you filtered just for odd traffic within certain parameters (like IPs originating from Asia and that don't have a common user agent or something) Basically it would be interesting to see if it's a pattern that's isolated to your website or if other websites get similar pings from China.
Real programmers use butterflies
Other website, if I set up the analytics, have so few hit's there would be no useful data. Pretty much long-abandoned sites. This link may hold a hint. How to Get a China IP Address Anywhere — Updated in 2021[^] There have been IP's from China for quite a while but they seem to have become the predominant non-US address. Once upon a time it was Pakistan, but they were screen-scraping to send SPAM for sales promos (I punished them severely and they avoid my site like a plague). No marketing from China. What I really may need is another webmaster observing similar visitations. Here's a thought: this website once had a slightly different name and when it was changed the old domain was just dropped. It was immediately commandeered by a Thai-based gambling site and they had all my earned credentials (longevity, search-engine position). They gave up after a while. I'm curious how they would expect trust (for gambling/money) when they misrepresent themselves to get clicked-through? Scarfing up newly abandoned sites is, apparently, a common practice for similar purposes and someone may be testing to see if it's available.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
-
Other website, if I set up the analytics, have so few hit's there would be no useful data. Pretty much long-abandoned sites. This link may hold a hint. How to Get a China IP Address Anywhere — Updated in 2021[^] There have been IP's from China for quite a while but they seem to have become the predominant non-US address. Once upon a time it was Pakistan, but they were screen-scraping to send SPAM for sales promos (I punished them severely and they avoid my site like a plague). No marketing from China. What I really may need is another webmaster observing similar visitations. Here's a thought: this website once had a slightly different name and when it was changed the old domain was just dropped. It was immediately commandeered by a Thai-based gambling site and they had all my earned credentials (longevity, search-engine position). They gave up after a while. I'm curious how they would expect trust (for gambling/money) when they misrepresent themselves to get clicked-through? Scarfing up newly abandoned sites is, apparently, a common practice for similar purposes and someone may be testing to see if it's available.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
You're probably right about that. In any case, I personally wouldn't worry about it but that's why nobody puts me in charge of securing anything. "Oh, it will be fine" :laugh:
Real programmers use butterflies
-
Keeping a Google Analytics eye on a website I manage (pro bono) I have observed occasional hits from overseas. They are of three types. 1) Those that picked it as "Nassau" thinking it was an island in the Caribbean (instead of an island in NY) 2) Sporadic ones from nearly anywhere that my be curiosity or Private VPN's 3) From China The last of these is by far the most common. It makes me wonder if the site's being probed for some sort of mayhem (which would be weird - no economic content and this time of year, maybe 5 hits/day on the average). So they really covet want my traffic. Any suggestions or speculations as to what might explain this ?
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
Had a client on GoDaddy. ASP.NET Web server; data only to Windows kiosks; no "web presence". The server was constantly probed by Chinese "bots" attempting to log in: Admin; Guest; Admin1; etc. Minute by minute; if not the second. It's all in the Windows Security Log. They just use bots and cycle through IP addresses looking for an open port / weak password.
It was only in wine that he laid down no limit for himself, but he did not allow himself to be confused by it. ― Confucian Analects: Rules of Confucius about his food
-
Keeping a Google Analytics eye on a website I manage (pro bono) I have observed occasional hits from overseas. They are of three types. 1) Those that picked it as "Nassau" thinking it was an island in the Caribbean (instead of an island in NY) 2) Sporadic ones from nearly anywhere that my be curiosity or Private VPN's 3) From China The last of these is by far the most common. It makes me wonder if the site's being probed for some sort of mayhem (which would be weird - no economic content and this time of year, maybe 5 hits/day on the average). So they really covet want my traffic. Any suggestions or speculations as to what might explain this ?
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
This is probably bots probing ip addresses. I work for a multi-national and we see this all of the time with all of our public domains, some of which are very similar to yours. I suspect that the bots are looking for access into any ip address and phones home with what they have found. There is probably a database with this info which is searched for potential targets. First identify and then target.
"When you are dead, you won't even know that you are dead. It's a pain only felt by others; same thing when you are stupid." Ignorant - An individual without knowledge, but is willing to learn. Stupid - An individual without knowledge and is incapable of learning. Idiot - An individual without knowledge and allows social media to do the thinking for them.
-
Keeping a Google Analytics eye on a website I manage (pro bono) I have observed occasional hits from overseas. They are of three types. 1) Those that picked it as "Nassau" thinking it was an island in the Caribbean (instead of an island in NY) 2) Sporadic ones from nearly anywhere that my be curiosity or Private VPN's 3) From China The last of these is by far the most common. It makes me wonder if the site's being probed for some sort of mayhem (which would be weird - no economic content and this time of year, maybe 5 hits/day on the average). So they really covet want my traffic. Any suggestions or speculations as to what might explain this ?
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
Check your access logs for those IPs; odds are that you'll find multiple exploit attempt URLs pushed to your server by the Chinese traffic. They basically do Hail Mary attacks against every website all the time. I have a WAF on a slightly (but not terribly much) more trafficked website and the crap that I see from them is just remarkable.
"Never attribute to malice that which can be explained by stupidity." - Hanlon's Razor
-
Keeping a Google Analytics eye on a website I manage (pro bono) I have observed occasional hits from overseas. They are of three types. 1) Those that picked it as "Nassau" thinking it was an island in the Caribbean (instead of an island in NY) 2) Sporadic ones from nearly anywhere that my be curiosity or Private VPN's 3) From China The last of these is by far the most common. It makes me wonder if the site's being probed for some sort of mayhem (which would be weird - no economic content and this time of year, maybe 5 hits/day on the average). So they really covet want my traffic. Any suggestions or speculations as to what might explain this ?
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
It's probably bots, likely scraping and sniffing for a way to steal something. So why might I expect their intentions to be less than honorable? Your post reminded me that I haven't checked our ftp server logs in awhile. Finding a larger than average log file, I check it and see that a certain IP attempted a dictionary attack for 20 minutes using the domain name as the user name. (dumb) :| Reverse IP shows it originated in Shijiazhuang, China. :omg: Shocker! :laugh: I've checked enough suspicious activity and traced back enough IP addresses to say that without a doubt, most (70% would be conservative) of the hacking attempts that I've seen come from one country...China. Sorry if this offends anyone.
"Go forth into the source" - Neal Morse "Hope is contagious"
-
Had a client on GoDaddy. ASP.NET Web server; data only to Windows kiosks; no "web presence". The server was constantly probed by Chinese "bots" attempting to log in: Admin; Guest; Admin1; etc. Minute by minute; if not the second. It's all in the Windows Security Log. They just use bots and cycle through IP addresses looking for an open port / weak password.
It was only in wine that he laid down no limit for himself, but he did not allow himself to be confused by it. ― Confucian Analects: Rules of Confucius about his food
It's a remotely hosted website and it's running CPanel under LINIX. The bots could spend their time better elsewhere - the site is public as if every page. In fact, all that they could steal of any value would be some of my php/javascript code- and there's nothing profound in what I put on the site. Good luck them trying to hack in: the uid is one assigned by the host (jibberish) and I left it that way. Password: most place consider it strong (and no real words). Or - I can turn it all around and be proud that the site is a distraction from their nefarious schemes!
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
-
Keeping a Google Analytics eye on a website I manage (pro bono) I have observed occasional hits from overseas. They are of three types. 1) Those that picked it as "Nassau" thinking it was an island in the Caribbean (instead of an island in NY) 2) Sporadic ones from nearly anywhere that my be curiosity or Private VPN's 3) From China The last of these is by far the most common. It makes me wonder if the site's being probed for some sort of mayhem (which would be weird - no economic content and this time of year, maybe 5 hits/day on the average). So they really covet want my traffic. Any suggestions or speculations as to what might explain this ?
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
-
They want to take over any server so they can launch their real attacks from an IP that does not track back to them.
That makes sense of the whole thing (+)
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010