Page Index Toggle Pages: 1
Topic Tools
Normal Topic Possible Botnet Attack - Anyone else seeing this? (Read 890 times)
Captain John
Ex Member


Re: Possible Botnet Attack - Anyone else seeing this?
Reply #2 - Jul 9th, 2010 at 6:48pm
Post Tools
l Quote:
My question is, how come YaBB can see these IP addresses and none of my other trackers (Google Analytics and StatCounter) can?

Zach



lol Good programming !
  
Back to top
 
IP Logged
 
ZachMatthews
Full Member
***
Offline



Posts: 107
Re: Possible Botnet Attack - Anyone else seeing this?
Reply #1 - Jul 9th, 2010 at 4:15pm
Post Tools
Ok, I got some better stats using my host's internal log files.  These IP addresses all represent IE6 computers that are just trawling my site.  They have been to most of the pages but they must be using some kind of IP anonymizer or mask.  They are attempting to register but since I have pre-registration and email confirmation turned on, it's not going any further.

Just another reminder to use the features the board comes with to prevent spamming.  Based on past attacks, I expect this to go away soon.  My question is, how come YaBB can see these IP addresses and none of my other trackers (Google Analytics and StatCounter) can?

Zach
  
Back to top
 
IP Logged
 
ZachMatthews
Full Member
***
Offline



Posts: 107
Possible Botnet Attack - Anyone else seeing this?
Jul 9th, 2010 at 4:00pm
Post Tools
Hey guys -

About three times in the past six months, I have had these weird days where my forum logs show a ton of new IP addresses connecting as guest, but neither my Google Analytics nor my StatCounter charts are showing any of these connections.

I usually keep my forum logging turned off but when this started again today, I flicked it on.  I can't get much info from that other than IP addresses, which I had anyway in the Guest registry.  However, I am now able to see what look to be about 90% IE6 connections on my forum log.  That's very unusual - 40%+ of my normal users are using Firefox.

So I'm assuming this is a botnet of compromised IE6 computers which are trying to do... something... with my site.  There haven't been any abnormal preregistration attempts (I require email confirmation), nor have there been any attempts to post.

Is this just a dumb botnet that doesn't know how to do anything with my site, but has been directed there for some reason?

If you want to see what I am talking about, hit my site right now at www.itinerantangler.com and look at the number of guests.  I flushed the cache a half hour ago and I've had over 250 random guest connections since.

I've attached what my chart looks like in Admin view (I've blurred my regulars' IP addresses out).

Anybody got any ideas about what is going on and if I should try to take any action?  Right now it only seems to be stumbling around; it isn't driving up my traffic numbers, though, because the connections are invisible to my counters...


Zach

  

chart.jpg ( 312 KB | 45 Downloads )
chart.jpg
Back to top
 
IP Logged
 
Page Index Toggle Pages: 1
Topic Tools
 
  « Board Index ‹ Board  ^Top