
Lots of suspicious but normal-looking web traffic at a single URL - should I be concerned?

@Annie201

Posted in: #Security

We recently moved some pages around on our site without bothering to put any redirects in place, and we started to notice something interesting. One of the pages we moved was receiving a surprising amount of strange traffic, which is now showing up in the broken link reports.

The traffic doesn't appear worrying (just normal page requests with no odd query strings now showing up as 404s), but:


It all originates from sketchy domains in Russia and China like you normally see doing port scans and other malicious activities.
It's all directed at this one particular page out of hundreds on the site.
99% of the User-Agent strings indicate IE 6.0 on Windows Server 2003.


Should we be worried? It doesn't seem like (especially now that we've moved the pages) any harm can come from this, as the amount of traffic certainly doesn't rise to the level of a DoS attack. However, the traffic does look like it's coming from infected computers. Why would this be happening at all? Thanks in advance.


2 Comments


 

@Shanna517

If the name of the page is a common name, I would not be too concerned, although I would check my current patch levels, as this might come from any number of vulnerability databases such as Metasploit uses.

If it is a file which could only refer to something on your site, I would be slightly concerned, and I would set up a redirect to a separate server to see what the result is of this request on my site. It could be harmless, or it could indicate that you are or have been the target of something.



 

@Gretchen104

Yes, this is a cause for (mild) concern, as someone, somewhere thought that page or the server was possibly vulnerable to something. Although traffic levels are not currently at DoS or DDoS levels, that's merely a setting somewhere, so ignoring the warning signs is probably not in your best interest.

As for why it is happening at all, it could be that a scan returned something that resulted in them doing a more thorough test of your defenses, or it could be something else altogether more benign (an index-building bot) or less benign. There really isn't enough information to know at this time.



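One way to gather the information the answers say is missing, as an added example that is not part of the original thread: summarize 404 requests per path and report any path where a single User-Agent dominates, along with how many distinct source addresses hit it and whether any requests carried a query string. It assumes the Apache/nginx "combined" log format; the sample lines, paths and thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache/nginx "combined" format; IPs are documentation
# ranges and the paths are hypothetical stand-ins for the moved page.
IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1)"  # NT 5.2 = Server 2003
MODERN = "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
SAMPLE_LOG = "\n".join(
    f'{ip} - - [12/Mar/2024:10:00:{i:02d} +0000] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'
    for i, (ip, path, status, ua) in enumerate([
        ("203.0.113.10", "/old/contact.html", 404, IE6),
        ("198.51.100.23", "/old/contact.html", 404, IE6),
        ("192.0.2.77", "/old/contact.html", 404, IE6),
        ("203.0.113.200", "/old/contact.html", 404, IE6),
        ("192.0.2.5", "/favicon.ico", 404, MODERN),
        ("192.0.2.5", "/index.html", 200, MODERN),
    ])
)

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def summarize_404s(log_text, min_hits=3, ua_share=0.9):
    """Report 404 paths where one User-Agent accounts for >= ua_share of hits."""
    by_path = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue
        path, _, query = m["target"].partition("?")
        by_path[path].append((m["ip"], m["ua"], bool(query)))
    findings = {}
    for path, hits in by_path.items():
        top_ua, count = Counter(ua for _, ua, _ in hits).most_common(1)[0]
        if len(hits) >= min_hits and count / len(hits) >= ua_share:
            findings[path] = {
                "hits": len(hits),
                "distinct_ips": len({ip for ip, _, _ in hits}),
                "top_ua": top_ua,
                "top_ua_share": round(count / len(hits), 2),
                "with_query": sum(q for _, _, q in hits),  # requests carrying a query string
            }
    return findings

if __name__ == "__main__":
    print(summarize_404s(SAMPLE_LOG))
```

Many distinct addresses sharing one outdated User-Agent on a single path points to automated clients rather than visitors following stale links.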