Do you really know who’s visiting your website?

May 8, 2015

We live in the world of Analytics where words like “Big Data” are everywhere to be seen.

But, are you really sure that the visitors of your website or blog are really interested in your content?

A few years ago, maybe… But now, the cybercriminals, or more exactly their bots, are trying to gain access to your website to serve their own content to your visitors.

How do we know that?

There are many ways to find that out, but the simplest ones are:

– install a web application firewall

If you have WordPress, you might want to try one of the “firewalls” that are available for free.

You will be astonished to see that a lot of the visitors try to login into your WordPress.

I wrote back in 2013 an article describing the anatomy of a live attack from China on a WordPress blog.

On a period of 2 days:

~90% of the traffic was Spiders, Bots, Crawlers from Google, Baidu,
~8% of the traffic were attempts to register an account like the one below:
~2% were real visitors

All this happened because the website was pretty good indexed and it had a good domain name (IT Security News).

– Keep an eye on WordPress’ statistics

The situation improved a bit now, because WordPress took stance and rejects now all login attempts from “known” IPs.

This is how it looks now (period of a few months since I reset the statistics):

The blocked malicious login increases with about 100 attempts per day.

Unfortunately, you don’t see these things using services like Google Analytics or even WordPress’ own JetPack statistics.

You just see visitors if you look at the top level statistics…

Only if you dive deeper in the stats, you can see that many visitors – the vast majority if you are under attack or your site is being indexed by spiders and robots, will stop at the Home level. They don’t go further as they are satisfied by the meta keywords of the website, which are usually found in every page, including the Home page.

What can you do?

Well, the first thing to think about is if you want to do something about it. If you block spiders and robots, you will no longer be found by search engines. You probably don’t want this.

You can block however, malicious login attempts. There are tips how to harden WordPress. More or less the same applies to other platforms.

Or you can install a firewall plugin for WordPress and configure it to block the IPs which attempt to apply brute force.

Sorin Mustaca, CSSLP, Security+, Project+

www.sorinmustaca.com

Yet a new Java zero-day exploit?

We don’t know yet if this is a bad joke intended to discredit Oracle and Java, but the media is buzzing about a possible new undetected exploit in Java. This was started by a post of the security researcher Brian Krebs who observed a thread in a known online crime forum where somebody was selling […]

Viruses and Digital Signatures

Very interesting stuff: http://www.symantec.com/connect/blogs/viruses-and-digital-signatures Although the files are signed, they are signed using an unauthenticated CA (Certificate Authority) which is masquerading as Verisign. A CA is a trusted third party that issues and signs the certificate and vouches for the authenticity of the file. Each CA should be registered and therefore recognized globally as a […]

My book collection on LibraryThing.com

I was trying to update my Book Collection … manually. I wanted to optimize this thing .. .so I found a nice site where you can load your books and have some code integrated in the site. So, here is the Book new Book I have read collection.

Like this:

Like this:

Like this:

IT Security News (EN)

IT Sicherheitsnews (DE)

Improve Your Security Ebook

Share this:

Like this:

Related

Related Posts

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: