
Thread: Blocking Unwanted Visitors

  1. #1

    Blocking Unwanted Visitors

    I have an ecommerce site that hasn't been used in several years. I have about 6k products on it and it still gets traffic. I wanted to see what products get traffic so I put a hit counter on it. I've never done that before and the results are kind of interesting. A lot of the hits I'm getting are unwanted. I only do business in the US for the most part. I got a bunch of hits from Vietnam for example. A hit every second for a few minutes for pages that don't exist on the site. Obviously someone up to no good...

    I'm just curious what others are doing to block unwanted traffic to their site.

    Incidentally, I am getting some good information on products being searched. At a minimum it should help me in what products to push. Which product pages to update first etc. I'll have to see where it leads me. I just got it working earlier today and it's not a weekend sort of product line.

  2. #2
    Web Consultant
    Join Date
    Aug 2008
    Location
    Las Vegas
    Posts
    9,855
    Blog Entries
    1


    Quote Originally Posted by billbenson View Post
    I have an ecommerce site that hasn't been used in several years. I have about 6k products on it and it still gets traffic. I wanted to see what products get traffic so I put a hit counter on it. I've never done that before and the results are kind of interesting. A lot of the hits I'm getting are unwanted. I only do business in the US for the most part. I got a bunch of hits from Vietnam for example. A hit every second for a few minutes for pages that don't exist on the site. Obviously someone up to no good...

    I'm just curious what others are doing to block unwanted traffic to their site.
    "Someone is up to no good" is an understatement. Millions of someones are up to no good and looking for holes to exploit in your site, my site, and every other site on the internet.
    Most times it's not even humans, it's bots.

    Are you seeing that they are being malicious, or just scanning the site looking for holes? Because that's normal now.

    If you really want to you could block all IPs on the planet except those from the U.S.
    I wouldn't do that because you'd also be blocking legitimate users/leads, and people using VPNs just to name a couple.

    The best thing to do is to make sure your software is up to date, your site secure, your server is updated, secure and running the latest version of whatever...and any firewall or brute force plug-ins that you can add.
    What software is the site running on? How is it built?

  3. #3


    Quote Originally Posted by Harold Mansfield View Post

    Are you seeing that they are being malicious, or just scanning the site looking for holes? Because that's normal now.

    The best thing to do is to make sure your software is up to date, your site secure, your server is updated, secure and running the latest version of whatever...and any firewall or brute force plug-ins that you can add.
    What software is the site running on? How is it built?
    My next step is going to be to update the software, i.e. WordPress, on the site. It's an old version. There is just too much to manage otherwise.

    There are a lot of inquiries for pages that don't exist. They would get a 404, but these are the automated 'inquiries' just hammering the site. One thing to note is they are often looking for a file named test or temp or similar. These are file names that could often be used during site development and forgotten on a server. I know I have done this. Bottom line is don't use a file name like this. Oh, there is some SQL injection stuff as well for search forms.

    I'm going to modify the script to quit logging the info I can't use for market research. In 17 hours I'm already up to over 1k lines in the db.

  4. #4

    An old version of WordPress? I would work under the assumption that it's already infected. You can't let WordPress get old. It's a target like PCs are because so many people use it and if you leave an old exploited version up, someone is going to hit it. Same as anything else. It's like knowing the door is unlocked, and leaving it that way hoping no one will notice and not come in.

    I would take a good, long, hard look at everything from the core files to the themes and all the plug-ins, and the database to make sure the site is not already compromised before merely updating it and continuing to use it.

    I would also recommend against disabling the logs. No reason to do that. You need the logs to hunt down any real issues.

    Better to fix the problem than to disable the alarm.
    Last edited by Harold Mansfield; 01-27-2019 at 02:55 PM.

  5. #5


    I am assuming there may be files that exist that shouldn't be there in my wp install. There also may be files that have been modified. These wouldn't be caught in a standard update depending on the file. How would I find these? I'm not a WP expert so they won't stick out to me unless they have a 'stupid' name.

    Also, what other than the above should I look for?

    I am running WP 4.3.18. Should I just update or how should I go about updating?
    Last edited by billbenson; 01-30-2019 at 11:52 AM.

  6. #6

    Quote Originally Posted by billbenson View Post
    I am assuming there may be files that exist that shouldn't be there in my wp install. There also may be files that have been modified. These wouldn't be caught in a standard update depending on the file. How would I find these? I'm not a WP expert so they won't stick out to me unless they have a 'stupid' name.
    The easy way is to have your host do a scan. But depending on the host, especially if they're one of the ones who uses Sitelock, I wouldn't trust their assessment much. If you're confident you have a solid host, go to them first.

    If I were doing it myself...
    1. Make sure that you still need every plug-in that you previously installed. Many may be obsolete or haven't been updated in a while. Get rid of those.
    2. Get rid of any themes other than the one you are using, and the default WordPress themes.
    3. Check with your theme's developer to see if there are updates. If there aren't or there haven't been in a while, be prepared that your theme may not work with an updated version of WordPress, or your plug-ins. Especially WooCommerce.

    4. Then I'd delete wp-admin, wp-includes, and all the files EXCEPT wp-config and .htaccess (leaving the wp-content folder, wp-config, and .htaccess), and reinstall the ones you deleted from a fresh download of WordPress.

    Generally hacks, infections and other bad stuff will try and take over index.php, .htaccess, wp-config, or will add files onto your installation that should not be there. Since you're deleting and replacing the root files, index.php is handled.

    Open wp-config and .htaccess and see if anything looks out of the ordinary. If you're not familiar with what should be in those files, including what a plug-in may have added legitimately, that's going to be difficult. Sometimes it's obvious, sometimes it's subtle.

    If you're not familiar with what a normal WordPress installation looks like, and aren't familiar with what yours specifically should look like, it's going to be difficult to do this.

    First things first, try and get some indication if you even have an infection or anything bad has been placed on your installation.
    In my sig there's a link "Test your website", there are links to a bunch of online scans that you can run it through to see if anything pops.

    Once you've updated everything, you should also install https://wordpress.org/plugins/better-wp-security/ to scan it, and protect it.

    Quote Originally Posted by billbenson View Post
    Also, what other than the above should I look for?
    Compare your installation with a fresh download of WordPress and see if you have any extra files or folders that you can't account for.

    Common places that hackers or malware like to hide are in wp-content, in outdated plugin or theme folders, wp-content/uploads, or sometimes they'll create a folder inside wp-content that looks legit like mu-plugins which you don't need on a normal installation.

    If a file looks suspect, open it. It's unlikely that it's any kind of trojan horse designed for your computer because it's in your website files and trying to do its thing there (PHP, JS, SQL and so on).
    Last edited by Harold Mansfield; 01-31-2019 at 07:27 AM.
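
The comparison against a fresh download described in post #6 can be automated with file hashes. The following is an added example, not code from any poster in this thread: it assumes the fresh copy is the same WordPress version as the live site (otherwise every core file shows as modified), and the function names and the miniature sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def file_hashes(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_install(live_root, fresh_root):
    live, fresh = file_hashes(live_root), file_hashes(fresh_root)
    report = {"extra": [], "modified": [], "missing": [], "review": []}
    for rel in sorted(live):
        if rel in ("wp-config.php", ".htaccess"):
            report["review"].append(rel)      # site-specific: read by hand
        elif rel.startswith("wp-content/"):
            # Not comparable to a fresh download; flag the hiding spots named above.
            php_upload = rel.startswith("wp-content/uploads/") and rel.endswith(".php")
            if php_upload or rel.startswith("wp-content/mu-plugins/"):
                report["review"].append(rel)
        elif rel not in fresh:
            report["extra"].append(rel)       # core-area file WordPress does not ship
        elif live[rel] != fresh[rel]:
            report["modified"].append(rel)    # core file changed on the server
    report["missing"] = sorted(r for r in fresh
                               if r not in live and not r.startswith("wp-content/"))
    return report

def write_tree(root, files):
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def demo():
    # Constructed miniature trees standing in for a fresh download and a live site.
    fresh = {"index.php": "<?php // core", "wp-includes/version.php": "<?php // v",
             "wp-admin/admin.php": "<?php // admin"}
    live = {"index.php": "<?php // core", "wp-config.php": "<?php // db",
            "wp-includes/version.php": "<?php // v plus an added line",
            "wp-includes/test.php": "<?php // not shipped", ".htaccess": "# rules",
            "wp-content/uploads/2017/05/img.php": "<?php // script in uploads",
            "wp-content/uploads/2017/05/photo.jpg": "jpg",
            "wp-content/themes/mytheme/header.php": "<?php // theme"}
    with tempfile.TemporaryDirectory() as tmp:
        write_tree(Path(tmp, "fresh"), fresh)
        write_tree(Path(tmp, "live"), live)
        return compare_install(Path(tmp, "live"), Path(tmp, "fresh"))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Theme and plugin files under wp-content are not checked here; they need to be compared against a clean copy of the same theme or plugin version.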

  7. #7


    Thanks, Harold. That's really helpful. It looks like my version of WP goes back to 2017. So far, I can't find anything to indicate I've been hacked... We'll see.

    Incidentally, I put the hit counter in the header file. Anytime the header gets served, I get a hit. If there is a better place for the hit counter, let me know. My real intention is to see what real visitors are searching for. I am getting that info.

    Some of the search terms are interesting. A lot of 'apple' terms as well as one I just looked at 'wp-login.php;'. Just a lot of stuff where programs are just looking at or for files someone might have stuck on their server. I'm not being singled out, it's just random stuff. If someone really wanted to get into my site, it would look different. Amazing that most of your site traffic is malicious though!!
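
The kinds of hits described in this thread (requests for leftover test/temp files and wp-login.php, SQL injection strings in the search form, one hit per second from a single address) can be tagged in the hit-counter data instead of being dropped, so product research and log review both keep working. This is an added example, not the poster's script: the row fields (`ip`, `ts`, `url`, `status`), the thresholds, and the sample rows are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath
from urllib.parse import parse_qs, urlsplit

# File names the thread reports being probed for (heuristic list, extend as needed).
PROBE_STEMS = {"test", "temp", "wp-login"}
# Rough SQL injection hints for search terms; a heuristic, not a complete filter.
SQLI_HINT = re.compile(r"union\s+select|'\s*or\s+|--|/\*", re.IGNORECASE)

def classify(hit):
    """Reasons a single hit looks automated; an empty list means ordinary traffic."""
    url = urlsplit(hit["url"])
    reasons = []
    if PurePosixPath(url.path).stem.lower() in PROBE_STEMS:
        reasons.append("probe-filename")
    terms = " ".join(v for vals in parse_qs(url.query).values() for v in vals)
    if SQLI_HINT.search(terms):
        reasons.append("sqli-pattern")
    if hit["status"] == 404:
        reasons.append("not-found")
    return reasons

def bursty_ips(hits, min_hits=30, window=60):
    """IPs with at least min_hits requests inside any window-second span."""
    times = defaultdict(list)
    for hit in hits:
        times[hit["ip"]].append(hit["ts"])
    flagged = set()
    for ip, ts in times.items():
        ts.sort()
        if any(ts[i + min_hits - 1] - ts[i] <= window
               for i in range(len(ts) - min_hits + 1)):
            flagged.add(ip)
    return flagged

def tag_hits(hits):
    """Pair every hit with its tags; nothing is dropped from the log."""
    noisy = bursty_ips(hits)
    return [(hit, classify(hit) + (["burst"] if hit["ip"] in noisy else []))
            for hit in hits]

def research_hits(hits):
    """Hits with no tags: the ones worth counting for product research."""
    return [hit for hit, tags in tag_hits(hits) if not tags]

# Constructed sample rows (documentation IP ranges), not data from the thread.
SAMPLE = [{"ip": "203.0.113.7", "ts": 1000 + i, "url": "/temp.php", "status": 404}
          for i in range(40)] + [
    {"ip": "198.51.100.20", "ts": 1005, "url": "/?s=blue+widget", "status": 200},
    {"ip": "198.51.100.33", "ts": 1010, "url": "/?s=x%27+OR+1%3D1--", "status": 200},
    {"ip": "198.51.100.44", "ts": 1300, "url": "/wp-login.php", "status": 200},
]
```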

  8. #8

    There are a ton of old WordPress exploits that anyone can find. People and bots are constantly scanning sites to see if they're not updated or haven't patched vulnerabilities.
    These aren't people who really want to get in, they're just looking for an easy target. If someone really wanted in and had the skills you wouldn't be able to stop them. Same as everyone else online.

  9. #9


    You can see the products which are getting traffic using Google Analytics. Blocking the traffic to other products is not a good idea since traffic is free, and if they purchase, it will be beneficial for your business.

  10. #10

    Another common hiding spot for malware is in outdated themes' header, footer and sidebar files. Also, SQL injections, so you want to check your database...run an update and repair of your tables.
    There are so many different ways and reasons that people do this that it's hard to narrow it down to a crowd favorite, but what I've listed are the most common areas that I've seen over the years.
