Do you really know who’s visiting your website?

May 8, 2015

We live in the world of Analytics where words like “Big Data” are everywhere to be seen.

But, are you really sure that the visitors of your website or blog are really interested in your content?

A few years ago, maybe… But now, the cybercriminals, or more exactly their bots, are trying to gain access to your website to serve their own content to your visitors.

How do we know that?

There are many ways to find that out, but the simplest ones are:

– install a web application firewall

If you have WordPress, you might want to try one of the “firewalls” that are available for free.

You will be astonished to see that a lot of the visitors try to login into your WordPress.

I wrote back in 2013 an article describing the anatomy of a live attack from China on a WordPress blog.

On a period of 2 days:

~90% of the traffic was Spiders, Bots, Crawlers from Google, Baidu,
~8% of the traffic were attempts to register an account like the one below:
~2% were real visitors

All this happened because the website was pretty good indexed and it had a good domain name (IT Security News).

– Keep an eye on WordPress’ statistics

The situation improved a bit now, because WordPress took stance and rejects now all login attempts from “known” IPs.

This is how it looks now (period of a few months since I reset the statistics):

The blocked malicious login increases with about 100 attempts per day.

Unfortunately, you don’t see these things using services like Google Analytics or even WordPress’ own JetPack statistics.

You just see visitors if you look at the top level statistics…

Only if you dive deeper in the stats, you can see that many visitors – the vast majority if you are under attack or your site is being indexed by spiders and robots, will stop at the Home level. They don’t go further as they are satisfied by the meta keywords of the website, which are usually found in every page, including the Home page.

What can you do?

Well, the first thing to think about is if you want to do something about it. If you block spiders and robots, you will no longer be found by search engines. You probably don’t want this.

You can block however, malicious login attempts. There are tips how to harden WordPress. More or less the same applies to other platforms.

Or you can install a firewall plugin for WordPress and configure it to block the IPs which attempt to apply brute force.

Sorin Mustaca, CSSLP, Security+, Project+

www.sorinmustaca.com

How Spaces.Live.com encourages spamming

We analyzed the spam presented in the post called Colorful Spam twist for bypassing Spamfilters and ended the post with the information that the target page is hosted on the spaces.live.com. Of course, as we always do in such cases, we wanted to report several URLs to the Abuse team at live.com. We searched on […]

People have started to read more about security !

Remember by Free eBook “Improve your security” available for free at https://www.improve-your-security.org ? It looks like I started to get more customers since the Corona Pandemic. There are almost 1000 readers ! Go ahead and download your copy for free: https://www.improve-your-security.org/download/

Malware delivered with fake hotel reservations

We wrote last week about Malware delivered with fake Craigslist fax-to-email notifications.This week’s malware delivery mechanism is a fake email notification from the well-known online hotel reservations portal booking.com. The malware is delivered when you click on “Print Booking Details” via an archive which should contain the form with the reservation details. In order […]

Like this:

Like this:

Like this:

IT Security News (EN)

IT Sicherheitsnews (DE)

Improve Your Security Ebook

Share this:

Like this:

Related

Related Posts

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: