16K hits from 1 IP is few minutes. Trouble?

Peter-Jan · Jan 15, 2010

Hi,

About 30 minuts ago I suddenly had exactly 100 simultaneous visits in my forum for a few minutes. These are the server stats:

IP: 81.165.104.81
Pages:5330
Hits:16373
Bandwith: 137.07 MB
Date&time:15 Jan 2010 - 09:53

So what was this? Some kind of amateuristic spider? Or a sophisticated threat I should be aware of?

Thanks!

Edit: Wow was too sleepy before and didn't notice this is coming from my OWN IP address !! Hmm will do security scan on my PC, totally puzzled now...

Guard Dog · Jan 15, 2010

I would take a look at the Apache log to find out what it was 'hitting'. My guess would be that it is some sort of threat, but depending upon what it was after will determine the threat. Could be a spider that is trying to duplicate your content (which is what it kinda sounds like to me).

lots0 · Jan 15, 2010

That is a telenet IP out of Europe...

There is a VERY good chance someone was probing for security holes.

Were they hitting any strange looking URLs?

Peter-Jan · Jan 15, 2010

lots0 said:
That is a telenet IP out of Europe...

There is a VERY good chance someone was probing for security holes.

Were they hitting any strange looking URLs?

You mean Telenet as in the Belgian Telecom Company?

(I live in Belgium, so that would mean it could be someone that I know - or someone who at least knows me.)

Edit: This IP also hit my cpanel page.

Peter-Jan · Jan 15, 2010

Guard Dog said:
I would take a look at the Apache log to find out what it was 'hitting'. My guess would be that it is some sort of threat, but depending upon what it was after will determine the threat. Could be a spider that is trying to duplicate your content (which is what it kinda sounds like to me).

Only found part of the pages this IP visited but as my site is still working fine, I guess they just want access to my server to copy the server side scripts... because copying the content on my site seems quite pointless to me - PlayersBay is not a content site.

I'll tell my hosting about it so they can block other IP's.

Guard Dog · Jan 15, 2010

Peter-Jan said:
You mean Telenet as in the Belgian Telecom Company?

(I live in Belgium, so that would mean it could be someone that I know - or someone who at least knows me.)

Edit: This IP also hit my cpanel page.

Telnet is a protocol that uses a specific port. Ports allow access to computers. Essentially, he was checking for open ports in order to 'break in' (most likely).

tryme1 · Jan 15, 2010

Some confusion here:

Telnet, which Guard Dog is talking about, is not the same as Telenet, which is, as you know, a Belgian internet service provider.

You say this is your own IP : If it was me, I'd take this approach first:

Is my IP unique or is it shared with other Telenet users.

Is there a problem with my stats and how they record sessions.

Then I would start to move on to : how is my IP being spoofed, what can my host do to identify the real source of this traffic, what can we do to prevent a problem in the future.

I certainly wouldn't immediately assume the worst.

Guard Dog · Jan 15, 2010

ooops! I re-read and see where I missed a letter (and an entire concept for that matter). Sorry and disregard my post.

lots0 · Jan 15, 2010

tryme1 said:
I certainly wouldn't immediately assume the worst.

Ah I'm one of those that assumes the worst and if it turns out not so bad.. I celebrate.

I said it was a "very good chance" based on some recent experience with telenet.

I didn't even think of a spoofed IP, which is a real possibility.

tryme1 · Jan 15, 2010

Hey, Lots0,

your approach of 'assuming the worst' is probably more pragmatic, but I would rule out the less scary options first.

16K hits from 1 IP is few minutes. Trouble?

Peter-Jan

Affiliate Guard Dog Member

Guard Dog

Guard Dog

lots0

Affiliate Guard Dog Member

Peter-Jan

Affiliate Guard Dog Member

Peter-Jan

Affiliate Guard Dog Member

Guard Dog

Guard Dog

tryme1

Affiliate Guard Dog Member

Guard Dog

Guard Dog

lots0

Affiliate Guard Dog Member

tryme1

Affiliate Guard Dog Member