Many accesses to Home from the same IPs

We have an unusually high number of accesses to our Home "index.php". Now I have taken a look at these accesses in the access_log. There are probably 15 IP numbers that access our homepage at least once a minute. They do not always come with the same IP, so they vary the last block of the IP Number. Google Analytics seems to classify these accesses as a bot and does not count them. No bot is visible in the user agent. I have to say that we use a Cloudflare CDN and the IP number is read from the header "Cf-Connecting-Ip". I can now block these IP ranges in htacess, but I would like to know why these accesses are happening. Does anyone have an idea or the same phenomenon?

micmue said:

I can now block these IP ranges in htacess, but I would like to know why these accesses are happening. Does anyone have an idea or the same phenomenon?

Click to expand...

Why you want to block them? are you sure they are bots to block?
I think they are real visitors and you should allow them unless they are making your hosting overload.

try a reverse ip adress
keep an eye so your domain/ip dont ends up black listed

Look at whois addresses, if you don't like it, block it. It is difficult to answer the question "why this happens" maybe someone decided to scan you, it would not be bad if you sent the logs, then it would be possible to say more precisely.

micmue said:

We have an unusually high number of accesses to our Home "index.php". Now I have taken a look at these accesses in the access_log. There are probably 15 IP numbers that access our homepage at least once a minute. They do not always come with the same IP, so they vary the last block of the IP Number. Google Analytics seems to classify these accesses as a bot and does not count them. No bot is visible in the user agent. I have to say that we use a Cloudflare CDN and the IP number is read from the header "Cf-Connecting-Ip". I can now block these IP ranges in htacess, but I would like to know why these accesses are happening. Does anyone have an idea or the same phenomenon?

Click to expand...

It's difficult to say for sure without additional information or analysis, but it's possible that these frequent accesses to your index.php file could be caused by a few different things:

Crawlers or bots: It's possible that these frequent accesses are caused by web crawlers or bots that are attempting to index or scrape your website. However, if Google Analytics is not classifying them as bots, it's possible that they are using methods to avoid detection or are otherwise not recognized as bots by GA.

How to check:

1. Look for patterns in the accesses, such as whether they are consistently occurring at certain times of day or from certain geographic locations.
2. Check your server logs to see if the user agents for these accesses indicate that they are bots or crawlers.
3. Use a tool like Botify or Screaming Frog to crawl your website and identify any potential crawlers or bots that may be causing the frequent accesses.
4. Consider using a robots.txt file to block certain bots or crawlers from accessing your website.

Malicious activity: It's also possible that these frequent accesses could be caused by malicious activity, such as a DDoS attack or attempts to exploit vulnerabilities in your website's code.

How to check:

1. Look for any unusual or suspicious behavior in the accesses, such as repeated attempts to access restricted areas of your website.
2. Check your server logs to see if there are any indicators of a DDoS attack, such as a large number of requests from the same IP range within a short period of time.
3. Use a web security scanner, such as OWASP ZAP or Burp Suite, to scan your website for vulnerabilities that could be exploited by malicious actors.
4. Consider implementing security measures like firewalls or intrusion detection systems to monitor and prevent malicious activity.

Traffic spikes: In some cases, frequent accesses to a website's homepage could simply be caused by a traffic spike or increase in user activity. However, if the accesses are consistently occurring every minute and from the same IP ranges, it's less likely that this is the case.

How to check:

1. Look for patterns in the accesses, such as whether they are occurring during peak traffic times or in response to a particular marketing campaign or event.
2. Check your analytics tools to see if there are any indications of increased user activity or engagement on your website.
3. Use a tool like Pingdom or Google PageSpeed Insights to monitor your website's performance and identify any potential performance bottlenecks that could be contributing to the traffic spikes.
4. Consider implementing load balancing or caching solutions to handle increased traffic to your website.

If you suspect that these frequent accesses are not legitimate, you could consider blocking the IP ranges in your .htaccess file or using Cloudflare's firewall to block the traffic. However, it may be worth investigating the root cause of the issue further to determine if there is a larger problem that needs to be addressed. You could try analyzing server logs, using a tool like Google Analytics Real-Time to monitor the accesses in real-time, or consulting with a web security specialist to investigate the issue further.

Hope it helps!