06-03-2008, 03:32 AM
I use a free statistics site to manage my website's visitor stats. I've been noticing for the past couple weeks, one visitor that would come to the main page of the site and leave, without clicking on any of the links on the page or anything. What worries me is that this goes on every single day between 5 - 20 times a day. I'm not really complaining because bandwidth isn't a concern, but I worry that this may be some sort of red flag for a malicious attack. Is there need for worry? I have the IP and hostname of the visitor, which gives me the location. Still, I don't know if I should take any action or just hang back and watch. What should/n't I do?
06-03-2008, 03:35 AM
Well what kind of website is it? A blog?
06-03-2008, 03:37 AM
A free service site to make a course schedule for university students. The only thing of "value" is the database with users' email addresses in it -- the passwords are all stored encrypted. Otherwise it could just be a defacing attack, but to be modest my site isn't really that popular to warrant that kind of attack.
06-03-2008, 03:55 AM
Could it not be a student trying to make their schedule? I know as a full-time student I often have to check back about classes and stuff going back and forth making sure things fit in the schedule. Or maybe its a bunch of students from the same school who have similar ip addresses? Are the IPs the same? Could you pm me the link? It could be useful for myself to use.
06-03-2008, 04:00 AM
No because there is a separate page for doing that. That's what makes this case interesting, because the main page doesn't really have anything to do on it - it's just a welcome page, essentially. If they went from the main page to the page to view their schedule, it would come up in the stat log. Instead it ends at the main page. I can't even imagine what they'd want on the main page. It's almost as if someone made the welcome page their homepage and every time they open their browser it counts as a hit to my site - then they navigate away from it. Of course, if this was the case I'd have nothing to worry about, but I really have no idea what this person's intentions are. That's why I opened this thread to see what the community thinks I should do.
06-03-2008, 04:38 AM
You could try doing a whois on the ip address and perhaps try to contact them if their information is available though if its a person it probably won't be but if its a bot the hosting server might be.
06-03-2008, 02:42 PM
I tried the whois lookup, but nothing helpful came up. Should I be concerned?
06-03-2008, 03:05 PM
I don't think you should be. I mean nothing has happened yet right? And you said on the main page there really is no access to the backend right?
06-03-2008, 06:42 PM
Sort of. One of the flash applications accesses a database so it can display some summary stats. The main page shouldn't be the target if they wanted to hack the database because that page simply displays the data -- they should target the page that gets the data if they had something malicious in mind. I can't think of any other good reason to load my site 15 times a day other than a home page or a bot, but the IP came up clean....