Many accesses to Home from the same IPs

micmue

New member
Registered
Joined
Nov 8, 2022
Messages
1
Points
1
We have an unusually high number of accesses to our Home "index.php". Now I have taken a look at these accesses in the access_log. There are probably 15 IP numbers that access our homepage at least once a minute. They do not always come with the same IP, so they vary the last block of the IP Number. Google Analytics seems to classify these accesses as a bot and does not count them. No bot is visible in the user agent. I have to say that we use a Cloudflare CDN and the IP number is read from the header "Cf-Connecting-Ip". I can now block these IP ranges in htacess, but I would like to know why these accesses are happening. Does anyone have an idea or the same phenomenon?
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,498
Points
63
I can now block these IP ranges in htacess, but I would like to know why these accesses are happening. Does anyone have an idea or the same phenomenon?
Why you want to block them? are you sure they are bots to block?
I think they are real visitors and you should allow them unless they are making your hosting overload.
 

portuguesedude

Well-known member
Registered
Joined
Nov 1, 2017
Messages
138
Points
18
try a reverse ip adress
keep an eye so your domain/ip dont ends up black listed
 

artemsereda

Member
Registered
Joined
Jul 13, 2022
Messages
38
Points
6
Look at whois addresses, if you don't like it, block it. It is difficult to answer the question "why this happens" maybe someone decided to scan you, it would not be bad if you sent the logs, then it would be possible to say more precisely.
 

Kaz Wolfe

Well-known member
Registered
Joined
Jul 7, 2016
Messages
609
Points
28
We have an unusually high number of accesses to our Home "index.php". Now I have taken a look at these accesses in the access_log. There are probably 15 IP numbers that access our homepage at least once a minute. They do not always come with the same IP, so they vary the last block of the IP Number. Google Analytics seems to classify these accesses as a bot and does not count them. No bot is visible in the user agent. I have to say that we use a Cloudflare CDN and the IP number is read from the header "Cf-Connecting-Ip". I can now block these IP ranges in htacess, but I would like to know why these accesses are happening. Does anyone have an idea or the same phenomenon?
It's difficult to say for sure without additional information or analysis, but it's possible that these frequent accesses to your index.php file could be caused by a few different things:

Crawlers or bots: It's possible that these frequent accesses are caused by web crawlers or bots that are attempting to index or scrape your website. However, if Google Analytics is not classifying them as bots, it's possible that they are using methods to avoid detection or are otherwise not recognized as bots by GA.

How to check:
  1. Look for patterns in the accesses, such as whether they are consistently occurring at certain times of day or from certain geographic locations.
  2. Check your server logs to see if the user agents for these accesses indicate that they are bots or crawlers.
  3. Use a tool like Botify or Screaming Frog to crawl your website and identify any potential crawlers or bots that may be causing the frequent accesses.
  4. Consider using a robots.txt file to block certain bots or crawlers from accessing your website.
Malicious activity: It's also possible that these frequent accesses could be caused by malicious activity, such as a DDoS attack or attempts to exploit vulnerabilities in your website's code.

How to check:
  1. Look for any unusual or suspicious behavior in the accesses, such as repeated attempts to access restricted areas of your website.
  2. Check your server logs to see if there are any indicators of a DDoS attack, such as a large number of requests from the same IP range within a short period of time.
  3. Use a web security scanner, such as OWASP ZAP or Burp Suite, to scan your website for vulnerabilities that could be exploited by malicious actors.
  4. Consider implementing security measures like firewalls or intrusion detection systems to monitor and prevent malicious activity.
Traffic spikes: In some cases, frequent accesses to a website's homepage could simply be caused by a traffic spike or increase in user activity. However, if the accesses are consistently occurring every minute and from the same IP ranges, it's less likely that this is the case.

How to check:
  1. Look for patterns in the accesses, such as whether they are occurring during peak traffic times or in response to a particular marketing campaign or event.
  2. Check your analytics tools to see if there are any indications of increased user activity or engagement on your website.
  3. Use a tool like Pingdom or Google PageSpeed Insights to monitor your website's performance and identify any potential performance bottlenecks that could be contributing to the traffic spikes.
  4. Consider implementing load balancing or caching solutions to handle increased traffic to your website.
If you suspect that these frequent accesses are not legitimate, you could consider blocking the IP ranges in your .htaccess file or using Cloudflare's firewall to block the traffic. However, it may be worth investigating the root cause of the issue further to determine if there is a larger problem that needs to be addressed. You could try analyzing server logs, using a tool like Google Analytics Real-Time to monitor the accesses in real-time, or consulting with a web security specialist to investigate the issue further.

Hope it helps!
 
Latest Threads
Replies
0
Views
122
Replies
1
Views
77

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top