Solved

Mystery Visitors To Site

Posted on 2012-03-26
5
304 Views
Last Modified: 2012-03-28
Hello Experts,

I have an issue that is occurring on one of my sites that I have no idea as to why it is occurring and it is kind of freaking me out.

Recently, I put out a promotion for one of my sites, and I noticed that after I did that, one of the visitors apparently looked over my site and then proceeded to visit just the home page every few hours.

I did a blacklist check on the ip and found that it did appear on several of the blacklist sites so I went ahead and blocked it.  That stopped the problem from that ip.

But, the next day, I noticed that someone visited from another ip within the same city without a referring link and started visiting just the home page every few hours.  I checked that ip, found that it too appeared on some blacklists and proceeded to block that as well.

I have been repeating this exercise every day for the past few weeks, and every time I block an ip, a new instance occurs of someone just visiting the home page every few hours.  Some of the ip's appear on blacklists, some do not.  But if I do nothing, it just fills up my visitor registry with these bounces.

Can anyone explain to me what could be happening here?  What benefit would anyone get from just visiting my home page and leaving other than helping to raise my bounce rate?

Could this be a setup for a more malicious attack?  What can I do about this?

Thanks to all who can help.
0
Comment
Question by:OmniUnlimited
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37771412
it might be just a crawler

> Could this be a setup for a more malicious attack?
as long as you do not see other malicious requests, I doubt that just calling the homepage without parameters is malicious

> What can I do about this?
block it as you already do, protect it with proper credentials, or disconnect it (probably not what you want:)
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 37772663
Hi ahoffmann, thank you for your reply.

Agreed that this is a bot or crawler of some kind, but what I don't understand is why it would crawl just the home page?
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 37775060
Some added information, I did a check on the user agent and it appears that the source is consistently in all cases a Safari browser running on a Windows 7 system with 1280 x 720 screen resolution.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 37775297
> .. in all cases a Safari browser ..
LOL,
I guess it's Safaris nice dashboard feature which loads all previously visited pages in its "page preview" when started
this happens as long as the user (of that safari) does not delete pages from this preview

you cannot do anything about this, adding the IP to your blacklist is probably not what you want
0
 
LVL 17

Author Closing Comment

by:OmniUnlimited
ID: 37775372
Huh, thanks a lot ahoffman, I've gone ahead and removed the ip blocks, I guess I probably have upset some people in my ignorance.

I appreciate the input and the help.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question