Solved

Mystery Visitors To Site

Posted on 2012-03-26
5
302 Views
Last Modified: 2012-03-28
Hello Experts,

I have an issue that is occurring on one of my sites that I have no idea as to why it is occurring and it is kind of freaking me out.

Recently, I put out a promotion for one of my sites, and I noticed that after I did that, one of the visitors apparently looked over my site and then proceeded to visit just the home page every few hours.

I did a blacklist check on the ip and found that it did appear on several of the blacklist sites so I went ahead and blocked it.  That stopped the problem from that ip.

But, the next day, I noticed that someone visited from another ip within the same city without a referring link and started visiting just the home page every few hours.  I checked that ip, found that it too appeared on some blacklists and proceeded to block that as well.

I have been repeating this exercise every day for the past few weeks, and every time I block an ip, a new instance occurs of someone just visiting the home page every few hours.  Some of the ip's appear on blacklists, some do not.  But if I do nothing, it just fills up my visitor registry with these bounces.

Can anyone explain to me what could be happening here?  What benefit would anyone get from just visiting my home page and leaving other than helping to raise my bounce rate?

Could this be a setup for a more malicious attack?  What can I do about this?

Thanks to all who can help.
0
Comment
Question by:OmniUnlimited
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37771412
it might be just a crawler

> Could this be a setup for a more malicious attack?
as long as you do not see other malicious requests, I doubt that just calling the homepage without parameters is malicious

> What can I do about this?
block it as you already do, protect it with proper credentials, or disconnect it (probably not what you want:)
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 37772663
Hi ahoffmann, thank you for your reply.

Agreed that this is a bot or crawler of some kind, but what I don't understand is why it would crawl just the home page?
0
 
LVL 17

Author Comment

by:OmniUnlimited
ID: 37775060
Some added information, I did a check on the user agent and it appears that the source is consistently in all cases a Safari browser running on a Windows 7 system with 1280 x 720 screen resolution.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 37775297
> .. in all cases a Safari browser ..
LOL,
I guess it's Safaris nice dashboard feature which loads all previously visited pages in its "page preview" when started
this happens as long as the user (of that safari) does not delete pages from this preview

you cannot do anything about this, adding the IP to your blacklist is probably not what you want
0
 
LVL 17

Author Closing Comment

by:OmniUnlimited
ID: 37775372
Huh, thanks a lot ahoffman, I've gone ahead and removed the ip blocks, I guess I probably have upset some people in my ignorance.

I appreciate the input and the help.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Customized VNC 1 37
Review of apps API SSL Cert policy 2 31
Public Printing Options 3 51
Turning off updates in Ubuntu 8 23
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question