Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

A good or an ominous spike? Just a holiday fluke?

#1
C C Offline
Visitor count at any random glance down there normally seems less than ten. But been seeing an unusually large and seemingly constant jump in the number of guests (varying from 60 to 80+). The majority of them also seem to coordinately cluster in a particular subforum at one time and then migrate to another (i.e., "_X_ users browsing" here).

Some kind of initially smaller scouting party for a future, ultra-massive DoS attack or other "overwhelm the website" strategy? Surely nothing, as this isn't a social watering hole of international significance. Merely the sort of the thing that stimulates the over-imaginative paranoia / conspiracy receptors of the brain during boring periods.

- - -
Reply
Reply
Reply
#4
Secular Sanity Offline
(Dec 20, 2017 09:27 PM)Magical Realist Wrote: Russian trolls?

Who knows? It might just be your magical mojo. Wink

Happy Holidays, MR!
Reply
#5
stryder Offline
The sudden indexing increase is due to an Google Analytics poisoning attack using Backlinks. This is when a whole host of accesses to the site I done by a bot that places Referer's into where the traffic supposedly originated, rather than being a legitimate path from a site linking directly to here, instead it's a whole host of domains and domain paths that potentially have advertisement embedded into them. It either makes those sites look like they have more interconnection than they technically have (attempting to raise their google rank status) or decreases this sites rank by slurring it with sites that are seen as illegitimate to google.

When the site intially had slow-downs, I realised that a neighbouring site within the cluster of sites this ones connected with was suffering some severe slow down, I didn't know by exactly what (It could of been a legitimate increase in Christmas traffic, or an exploitation of some sort) in any effect I had a good hard look at what is currently slowing traffic and started putting some settings in to help alleviate the load. One of those things made me take the decision the other week to dump any Analytics code from the site. Initially it was there to get an idea of the sites worth encase any expansion or investment was done in the future (just incase any partnerships were planned), however I decided that direction has somewhat stagnated, and it was literally code this site didn't really need embedded into it. So the very thing that this "attack" attempts to exploit, only exists in CACHE's. Google's Analytics's will not be recording their page accesses at this end, thereby it negates their "Pay" load.

I will look to block some of them, but there will always be some that find their way through.
Reply
#6
stryder Offline
A further look at the IP's and the URL's suggest that it seems to be a bot net on OVHosting's network.
I pose a bot net as some IP's have been slated with various SQL attacks previously. I'd hazard a guess that they likely have a VPN that is infected. Dedicated Hosting tends to try to have a Neutrality agreement where any ISP's/Telecom's or everyday companies can house their servers within their networks. They use VPN's for setting up POP (Point of Presence) between such locations which creates what is known as the "Backbone". So this suggests that OVHostings backbone is currently infected (although that would need to be proven)
Reply
#7
stryder Offline
Throughout the day:
135 IPa's were used (of which most where OVHosting, and were from a number of countries)

To attempt to place:
13,277 backlinks to other sites.

The way links can be weighed in search engines is based on how many links are incoming and how many are outgoing. Google's earlier version were literally a 1 to 1 conversion,
e.g if one link goes out and one link comes in they would cancel each other. Having a high number of incoming links gave better results than having a high number of outgoing links.
Further revision got to the point where if a site had a better result, they would be given a higher weight when referring other sites.

The way the analytic seemed to have been was that sites like Scivillage.com would appear to point to another site (the referrer) which in turn could have their analytics spiked to point to other referrers, which in turn could occur like that for a number of other sites before eventually coalescing into one site getting very high rated referrers pointing at them (thereby boosting their rank)
Reply




Users browsing this thread: 1 Guest(s)