Do you really know who’s visiting your website?

May 8, 2015

We live in the world of Analytics where words like “Big Data” are everywhere to be seen.

But, are you really sure that the visitors of your website or blog are really interested in your content?

A few years ago, maybe… But now, the cybercriminals, or more exactly their bots, are trying to gain access to your website to serve their own content to your visitors.

How do we know that?

There are many ways to find that out, but the simplest ones are:

– install a web application firewall

If you have WordPress, you might want to try one of the “firewalls” that are available for free.

You will be astonished to see that a lot of the visitors try to login into your WordPress.

I wrote back in 2013 an article describing the anatomy of a live attack from China on a WordPress blog.

On a period of 2 days:

~90% of the traffic was Spiders, Bots, Crawlers from Google, Baidu,
~8% of the traffic were attempts to register an account like the one below:
~2% were real visitors

All this happened because the website was pretty good indexed and it had a good domain name (IT Security News).

– Keep an eye on WordPress’ statistics

The situation improved a bit now, because WordPress took stance and rejects now all login attempts from “known” IPs.

This is how it looks now (period of a few months since I reset the statistics):

The blocked malicious login increases with about 100 attempts per day.

Unfortunately, you don’t see these things using services like Google Analytics or even WordPress’ own JetPack statistics.

You just see visitors if you look at the top level statistics…

Only if you dive deeper in the stats, you can see that many visitors – the vast majority if you are under attack or your site is being indexed by spiders and robots, will stop at the Home level. They don’t go further as they are satisfied by the meta keywords of the website, which are usually found in every page, including the Home page.

What can you do?

Well, the first thing to think about is if you want to do something about it. If you block spiders and robots, you will no longer be found by search engines. You probably don’t want this.

You can block however, malicious login attempts. There are tips how to harden WordPress. More or less the same applies to other platforms.

Or you can install a firewall plugin for WordPress and configure it to block the IPs which attempt to apply brute force.

Sorin Mustaca, CSSLP, Security+, Project+

www.sorinmustaca.com

FritzBox users: protect your network for free!

If you are living in Germany, Austria or Switzerland, there is a high chance that you are using one of the AVM’s FritzBox for your broadband connection. The FritzBox is a very small device which runs a PowerPC processor and between 16 and 32 MB RAM. This is almost nothing! So, you can’t install antivirus […]

How to enable two-factor authentication for Tumblr

More and more social media websites and not only are enabling two-factor authentication in order to secure their users better. Following all other major portals, now also Tumblr allows users to enable it. Here is how to activate it in easy steps: Visit your account settings. Click the “Two-factor authentication” switch. Enter your […]

Evernote hacked – all users have to change passwords

This is how the nightmare of having a bad press starts: Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service. As a precaution to protect your data, we have decided to implement a […]

Like this:

Like this:

Like this:

IT Security News (EN)

IT Sicherheitsnews (DE)

Improve Your Security Ebook

Share this:

Like this:

Related

Related Posts

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: