1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

heavy hitting IP management

Discussion in 'Site & Server Administration' started by Jin2, Jan 10, 2017.

  1. #1
    hello I would like to know how to handle certain heavy hitting IP

    once in a while I look at the awstats logs and find some abnormally heavy hitting IPs
    for example
    ip68-231-211-53.oc.oc.cox.net   81 921   82 470   52.79 Mo   10 Jan 2017 - 07:48
    c-5eeaaa91-74736162.cust.telenor.se   59 983   61 441   107.82 Mo   10 Jan 2017 - 03:41
    Code (markup):
    Not only the page views are abnormally high for a single individual but the page/hit ratio is also abnormal

    I don't think it is a ddos attack because I have ddos protection, I assume this activity is the result of some kind of script, not sure if malicious or not

    I have two questions :
    1. should I ban these IP
    2. is there a way to automatically detect this kind of activity and ban the offenders?
     
    Jin2, Jan 10, 2017 IP
  2. Zoti Media Group

    Zoti Media Group Notable Member

    Messages:
    1,598
    Likes Received:
    113
    Best Answers:
    2
    Trophy Points:
    265
    Digital Goods:
    2
    #2
    How much ddos protection you have? If you see thousend of those hits then is a amplification attack. Those are spoofed ips so you cant ban them. Voxility can handle thise attacks better as any other provider.
     
    Zoti Media Group, Jan 10, 2017 IP
  3. Jin2

    Jin2 Member

    Messages:
    30
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    43
    #3
    No idea about the anti ddos settings, but I did get a ddos blocked notification once, it was a bruteforce attack on a freshly installed webmin control panel.

    I'm pretty sure this isn't a ddos attack after inspecting the activity of these IPs
    the offenders were actually loading pages, so most likely crawlers

    I would like to block that kind of script activity though, I get no benefit from it, it slows down the sites and decreases legit traffic and ad revenues

    There isn't stock softwares that could automatically detect these abnormal activities and ban the offenders ?
    of course there should be an exception for search engines which are beneficial
     
    Jin2, Jan 10, 2017 IP