| View previous topic :: View next topic |
| Author |
Message |
Tastiger
Joined: 28 May 2006
Posts: 25
|
| Posted: Wed May 30, 2007 6:53 pm Post subject: Something strange in my Stats |
|
|
I was glancing through the stats for a development site yesterday and came across something alarming.
The development site http://scm-rpg.dhs.org - however
http://www.outwar.com/ is showing up as the most accessed URL on the site
Pages-URL (Top 10) - Full list - Entry - Exit
13 different pages-url Viewed Average size Entry Exit
http://www.outwar.com/ 99 26.55 KB 43 42
I also have 4 other strange URL's showing up in the list.
http://82.96.96.3:802/
http://194.109.153.2:6667/
http://172.144.8.79:25/
http://www.baidu.com/
None of these are my IP address
anyone have any clues as to what is going on here?
I have since blocked the 3 numeric IP's on my via my Smoothwall - but I am wondering what is actually going on for those URL's to be showing up in the stats.
It only seems to be this one development site - the other 2 sites I have hosted show normal activity in the URLs in the stats.
Problem is once I setup virtual hosts I noticed that the security log doesn't update or it only accesses localhost - I'm not sure how to access the security log for each virtual host to dig deeper - so any advice is welcome... |
|
| Back to top |
|
ibby
Joined: 05 Jun 2007
Posts: 24
|
| Posted: Wed Jun 06, 2007 8:19 am Post subject: |
|
|
COuld it not be the case where the users have posted the link on your forum or website.
So the more clicks it recives the more accessed/demand the link is in
according to this virtual host example.
the secuirty logs/logs sit below the domain directory
<VirtualHost www.baygroup.org>
ServerAdmin webmaster@mail.baygroup.org
DocumentRoot /groups/baygroup/www
ServerName www.baygroup.org
ErrorLog /groups/baygroup/logs/error_log
TransferLog /groups/baygroup/logs/access_log
</VirtualHost> |
|
| Back to top |
|
Tastiger
Joined: 28 May 2006
Posts: 25
|
| Posted: Wed Jun 06, 2007 6:54 pm Post subject: |
|
|
ibby wrote: COuld it not be the case where the users have posted the link on your forum or website.
That just the point the site has really no content on it all
I managed to access the security logs for the site by using the link :-
http://localhost/apache2triadcp/sitename-security.cgi
So all is well there.
I did a traceback on the 2 IP's that had accessed the site apart from me and found that they belonged to
66.45.247.156 (node27.outwar.com)
66.45.247.135 (node6.outwar.com)
I blocked both of those via Smoothwall and I am no longer getting hits on http://www.outwar.com/ showing up in my stats it is only showing hits on my pages.
So I don't really know what was going on with Outwar or why their nodes were accessing my site
Another one to look out for is Multiple Vendor HTTP CONNECT TCP Tunnel attack by 82.96.96.3
Again I have this one blocked at the Smoothwall.
UH - OH - Update
I just checked stats again and they are back this time using:-
66.45.247.150 (node21.outwar.com)
I really wish I knew what was going on here as it doesn't seem kosher to me.
The attachment is a screen cap from my stats.
Pages-URL (Top 10) |
|
| Back to top |
|
| |
