Solved

Mystery Visitors To Site

Posted on 2012-03-26
5
301 Views
Last Modified: 2012-03-28
Hello Experts,

I have an issue that is occurring on one of my sites that I have no idea as to why it is occurring and it is kind of freaking me out.

Recently, I put out a promotion for one of my sites, and I noticed that after I did that, one of the visitors apparently looked over my site and then proceeded to visit just the home page every few hours.

I did a blacklist check on the ip and found that it did appear on several of the blacklist sites so I went ahead and blocked it.  That stopped the problem from that ip.

But, the next day, I noticed that someone visited from another ip within the same city without a referring link and started visiting just the home page every few hours.  I checked that ip, found that it too appeared on some blacklists and proceeded to block that as well.

I have been repeating this exercise every day for the past few weeks, and every time I block an ip, a new instance occurs of someone just visiting the home page every few hours.  Some of the ip's appear on blacklists, some do not.  But if I do nothing, it just fills up my visitor registry with these bounces.

Can anyone explain to me what could be happening here?  What benefit would anyone get from just visiting my home page and leaving other than helping to raise my bounce rate?

Could this be a setup for a more malicious attack?  What can I do about this?

Thanks to all who can help.
0
Comment
Question by:OmniUnlimited
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37771412
it might be just a crawler

> Could this be a setup for a more malicious attack?
as long as you do not see other malicious requests, I doubt that just calling the homepage without parameters is malicious

> What can I do about this?
block it as you already do, protect it with proper credentials, or disconnect it (probably not what you want:)
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 37772663
Hi ahoffmann, thank you for your reply.

Agreed that this is a bot or crawler of some kind, but what I don't understand is why it would crawl just the home page?
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 37775060
Some added information, I did a check on the user agent and it appears that the source is consistently in all cases a Safari browser running on a Windows 7 system with 1280 x 720 screen resolution.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 37775297
> .. in all cases a Safari browser ..
LOL,
I guess it's Safaris nice dashboard feature which loads all previously visited pages in its "page preview" when started
this happens as long as the user (of that safari) does not delete pages from this preview

you cannot do anything about this, adding the IP to your blacklist is probably not what you want
0
 
LVL 17

Author Closing Comment

by:OmniUnlimited
ID: 37775372
Huh, thanks a lot ahoffman, I've gone ahead and removed the ip blocks, I guess I probably have upset some people in my ignorance.

I appreciate the input and the help.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question