Apache2Triad Help, Support and Development Forum Index Search Profile Log in to check your private messages Log in Register Memberlist Attachments Statistics Crew/Ranks Archive
 Something strange in my Stats
Google
Post new topic Reply to topic
Author Message
Tastiger
 
 


Joined: 28 May 2006
Posts: 25

PostPosted: Wed May 30, 2007 6:53 pm Reply with quoteBack to top

I was glancing through the stats for a development site yesterday and came across something alarming.

The development site http://scm-rpg.dhs.org - however

http://www.outwar.com/ is showing up as the most accessed URL on the site

Pages-URL (Top 10) - Full list - Entry - Exit
13 different pages-url Viewed Average size Entry Exit
http://www.outwar.com/ 99 26.55 KB 43 42

I also have 4 other strange URL's showing up in the list.

http://82.96.96.3:802/
http://194.109.153.2:6667/
http://172.144.8.79:25/
http://www.baidu.com/

None of these are my IP address

anyone have any clues as to what is going on here?

I have since blocked the 3 numeric IP's on my via my Smoothwall - but I am wondering what is actually going on for those URL's to be showing up in the stats.

It only seems to be this one development site - the other 2 sites I have hosted show normal activity in the URLs in the stats.

Problem is once I setup virtual hosts I noticed that the security log doesn't update or it only accesses localhost - I'm not sure how to access the security log for each virtual host to dig deeper - so any advice is welcome...
View user's profileSend private message
ibby
 
 


Joined: 05 Jun 2007
Posts: 24

PostPosted: Wed Jun 06, 2007 8:19 am Reply with quoteBack to top

COuld it not be the case where the users have posted the link on your forum or website.

So the more clicks it recives the more accessed/demand the link is in

according to this virtual host example.
the secuirty logs/logs sit below the domain directory

<VirtualHost www.baygroup.org>
ServerAdmin webmaster@mail.baygroup.org
DocumentRoot /groups/baygroup/www
ServerName www.baygroup.org
ErrorLog /groups/baygroup/logs/error_log
TransferLog /groups/baygroup/logs/access_log

</VirtualHost>
View user's profileSend private message
Tastiger
 
 


Joined: 28 May 2006
Posts: 25

PostPosted: Wed Jun 06, 2007 6:54 pm Reply with quoteBack to top

ibby wrote:
COuld it not be the case where the users have posted the link on your forum or website.



That just the point the site has really no content on it all

I managed to access the security logs for the site by using the link :-

http://localhost/apache2triadcp/sitename-security.cgi

So all is well there.

I did a traceback on the 2 IP's that had accessed the site apart from me and found that they belonged to

66.45.247.156 (node27.outwar.com)
66.45.247.135 (node6.outwar.com)


I blocked both of those via Smoothwall and I am no longer getting hits on http://www.outwar.com/ showing up in my stats it is only showing hits on my pages.

So I don't really know what was going on with Outwar or why their nodes were accessing my site

Another one to look out for is Multiple Vendor HTTP CONNECT TCP Tunnel attack by 82.96.96.3

Again I have this one blocked at the Smoothwall.

UH - OH - Update

I just checked stats again and they are back this time using:-

66.45.247.150 (node21.outwar.com)

I really wish I knew what was going on here as it doesn't seem kosher to me.

The attachment is a screen cap from my stats.

Pages-URL (Top 10)
View user's profileSend private message
Display posts from previous:      
Post new topic Reply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
Powered by phpBB © 2001, 2002 phpBB Group :: FI Theme
All times are GMT