Solved

Mystery Visitors To Site

Posted on 2012-03-26
5
305 Views
Last Modified: 2012-03-28
Hello Experts,

I have an issue that is occurring on one of my sites that I have no idea as to why it is occurring and it is kind of freaking me out.

Recently, I put out a promotion for one of my sites, and I noticed that after I did that, one of the visitors apparently looked over my site and then proceeded to visit just the home page every few hours.

I did a blacklist check on the ip and found that it did appear on several of the blacklist sites so I went ahead and blocked it.  That stopped the problem from that ip.

But, the next day, I noticed that someone visited from another ip within the same city without a referring link and started visiting just the home page every few hours.  I checked that ip, found that it too appeared on some blacklists and proceeded to block that as well.

I have been repeating this exercise every day for the past few weeks, and every time I block an ip, a new instance occurs of someone just visiting the home page every few hours.  Some of the ip's appear on blacklists, some do not.  But if I do nothing, it just fills up my visitor registry with these bounces.

Can anyone explain to me what could be happening here?  What benefit would anyone get from just visiting my home page and leaving other than helping to raise my bounce rate?

Could this be a setup for a more malicious attack?  What can I do about this?

Thanks to all who can help.
0
Comment
Question by:OmniUnlimited
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37771412
it might be just a crawler

> Could this be a setup for a more malicious attack?
as long as you do not see other malicious requests, I doubt that just calling the homepage without parameters is malicious

> What can I do about this?
block it as you already do, protect it with proper credentials, or disconnect it (probably not what you want:)
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 37772663
Hi ahoffmann, thank you for your reply.

Agreed that this is a bot or crawler of some kind, but what I don't understand is why it would crawl just the home page?
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 37775060
Some added information, I did a check on the user agent and it appears that the source is consistently in all cases a Safari browser running on a Windows 7 system with 1280 x 720 screen resolution.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 37775297
> .. in all cases a Safari browser ..
LOL,
I guess it's Safaris nice dashboard feature which loads all previously visited pages in its "page preview" when started
this happens as long as the user (of that safari) does not delete pages from this preview

you cannot do anything about this, adding the IP to your blacklist is probably not what you want
0
 
LVL 17

Author Closing Comment

by:OmniUnlimited
ID: 37775372
Huh, thanks a lot ahoffman, I've gone ahead and removed the ip blocks, I guess I probably have upset some people in my ignorance.

I appreciate the input and the help.
0

Featured Post

Are Your IoT Devices Out to Get You?

IoT business is booming, with manufacturers connecting any and every “thing” to the Internet. But as pressure grows to release new products faster and faster, we’re all left to wonder: is security a priority? Join our webinar on June 29th for the answer.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question