What would you guess is going on here?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

What would you guess is going on here?

Post by s.dot »

My statistics counter that I made is showing about 260 guests online ALL the time. Quite a bit unusual

so I looked it up an phpmyadmin and got the following results

Code: Select all

1291 24.211.10.238 1148534191 /index.php 
      1289 71.140.91.74 1148534191 /index.php 
      1288 70.31.229.12 1148534191 /index.php 
      1285 65.29.93.164 1148534191 /index.php 
      1282 24.117.81.17 1148534191 /index.php 
      1275 74.128.202.184 1148534191 /index.php 
      1272 24.166.92.62 1148534191 /index.php 
      1271 200.113.181.156 1148534191 /index.php 
      1269 72.30.110.137 1148534191 /index.php 
      1268 72.30.107.92 1148534191 /index.php 
      1266 71.109.35.211 1148534191 /index.php 
      1265 207.195.55.144 1148534191 /index.php 
      1250 64.233.166.136 1148534191 /index.php 
      1246 69.181.83.57 1148534191 /index.php 
      1236 67.139.119.79 1148534191 /index.php 
      1228 74.225.105.104 1148534191 /index.php 
      1222 64.229.225.123 1148534191 /index.php 
      1216 24.166.19.103 1148534191 /index.php 
      1212 24.22.80.98 1148534191 /index.php 
      1210 66.194.6.72 1148534191 /index.php 
      1208 205.208.227.46 1148534191 /index.php 
      1207 69.211.84.164 1148534191 /index.php 
      1199 72.30.128.13 1148534191 /index.php 
      1191 70.249.66.57 1148534191 /index.php 
      1189 65.95.51.86 1148534191 /index.php 
      1185 72.30.98.84 1148534191 /index.php 
      1184 207.118.91.200 1148534191 /index.php 
      1182 71.247.10.110 1148534191 /index.php 
      1173 65.3.76.239 1148534191 /index.php 
      1166 72.30.98.30 1148534191 /index.php
That's ID - IP - TIME- PAGE

5 minutes later the page will change, they will all be /login.php, then 5 minutes later /showthread.php

What's going on?

[edit] I meant to put this in security. Sorry guys.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

I don't believe they're trying to brute force a login. Because I log failed login attempts, and after 5 fails, make them wait 15 minutes.

And nobody's showing up as even failing once.

Could they be attempting to sniff the posted passwords?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Post by AGISB »

It might be a buggy spider of a search engine or some hacker who looks for exploits.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

It's up to 325 unique ips crawling the site right now =/

Now they're on index.php
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Likely what AGISB suggested - either some buggy bot (what's the client profile? user agent?) or someone scanning your site for potential vulnerabilities.
User avatar
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

It could be someone experimenting with ddos bots... not to their full potential (~300 bots is something to sneeze on, generally).
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

accidental overwrite of other records when updating?
GM
Forum Contributor
Posts: 365
Joined: Wed Apr 26, 2006 4:19 am
Location: Italy

Post by GM »

feyd wrote:accidental overwrite of other records when updating?
Exactly what I was thinking... I reckon something's overwriting the time and location fields of all the records instead of just the one. Could also be combined with a lack of garbage collection on old records?
Post Reply