Knowledgebase
Awstats – “Undesireable” traffic sources being reported
Posted by - NA - on 16 April 2013 04:53 PM
Awstats – “Undesireable” traffic sources being reported
 
 
We have had a lot of questions from Awstats users about finding “undesireable” traffic sources listed within their stats. 
 
 
Some examples of what you may see in your ‘Connect to site from’ area:
 
http://evuln.com/tools/malware-scanner/yourdomain.com/
http://icom.to/de/chat/35----chillout-radio--3---chillbox---/
http://www.finddotcom.com
 
 
These traffic sources may look like traffic from Malware and Adult sites, and may be alarming. 
 
But, generally speaking, there is NOT anything to worry about. 
 
Here is some EXCELLENT information from a thread located at http://forums.hostgator.com/awstats-understanding-see-t85898.html
 

 
"These (undesireable websites) sites are doing referrer spamming. They use robots that send a false referrer (= the address of their site) in order to appear in your stats. 
 
They do that with two goals in mind:
1. if your stats are public, they get a backlink from you
2. even if your stats are private, they hope to get your attention and that you will visit their site. Some of these web sites can even try to load malware in your PC when you visit them.
 
This is annoying but these referrer spammers do not usually create a traffic overload as they just hit a page and leave the site.
 
"too many connections" can mean that the design of your scripts needs to be optimized to reduce the need for connections.
 
AWStats does not list the IP addresses of the bots. You would need to add one or more extra sections to AWStats to get lists of IP addresses of bots. This can be done, but it is probably not needed as you could exclude these bots based on their user agent rather than their IP address."
 

 
So, in a nutshell, there really isn't much to worry about, since these hits to your site are simply being caused by bots, which, unfortunately, are just unavoidable these days! 
 
But, we STRONGLY encourage all Portfoliositez clients to keep an eye on things, and be aware of any signs of danger! If you see any other activity that concerns you, please let us know!
 
What if your site IS hacked???
 
There is a great article available online that highlights the top 5 signs your site has been hacked :)
 
 

 
“1) Google flags your site as harmful
 
If your site attracts the dreaded “This site may harm your computer” message on Google’s search result pages, it’s likely that your site has been hacked.
 
2) Your Google listings change
 
The text that appears underneath your site link on search engines’ result pages should come from a page on your site. Beware if you see text that is unrelated to your site’s content.
 
3) You notice a sudden decrease in traffic
 
If your traffic drops off dramatically, it could be a sign that your visitors are receiving a warning from Google that your site is unsafe (as per point 1). If you saw that warning, you probably wouldn’t visit your site either.
 
4) Your visitors aren’t happy with you
 
Are your visitors getting viruses or antivirus alerts from your web pages?
 
Are they being redirected to another website when they are trying to visit yours?
 
Sound dodgy to you? Yeah, me too.
 
5) Your site contains files or code you don’t recognize
 
Can you see links, text, etc. on any of your pages that you didn’t put there? If so it’s possible that you’ve been hacked.
 
There are certain types of files that you might not recognize that are still okay. Many content management systems which are database driven will regularly store files in specific folders for short periods of time. The files are usually used to speed up you website (cache files). The disadvantage to this is that the location of these files and folders requires a specific set of permissions to be set within your website. This unfortunately becomes an attack surface for common exploits of popular CMS systems.
 
While your site probably does contain files you didn’t put there, but they should be easily identified.  You can examine text files to see if their contents look suspicious using the file manager in both cPanel and Plesk. Don’t delete files just because you don’t recognize them.”
 

 
Again, it's not likely that your site WILL be hacked, but, if you see any of those things happening, you will want to take the following steps:
 
The first thing you would want to do is change any and ALL passwords (cPanel, sitezadmin/wp-admin, etc.)
 
Then, run a complete anti-virus and malware scan on your computer, and remove or quarantine anything found. 
 
Then, contact us, and we can have the server company run a scan on your files themselves, to locate and eliminate anything suspicious on that end :)
 
 
Can I block the bots from accessing my site???
 
This is a bit more difficult that it may seem, but you may want to review this article for help: http://techlunatic.com/2010/12/protect-your-website-from-spam-click-bots-with-these-easy-step/
 
And, if you want to try to block the various IP addresses (this WILL be an endless endeavor), you can track all of the IP addresses in Awstats here:  http://www.iptrackeronline.com/
 
If you have ANY other questions or concerns at all, please contact support@portfoliositez.com!
 
 
 
 
(917 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments: