I have been administering AmeriCymru since 2006. It was formerly hosted on the Ning platform. Obviously over the last 17 years I have formed a pretty good idea of what constitutes 'normal' traffic on the site. Yes there are constant fluctuations but I can usually account for those....unusually popular articles, mailshots etc. The current traffic patterns bear no relation to the norm.
1. I frequently check 'suspicious' IP's on Abuse IPD. Recently I have been visited by many Tor nodes and a large number of other IP's that score 100% 'Confidence of Abuse' on that site. When I click one of these off another dirty IP frequently takes its place almost instantly.
2. Many of the IP's I see in the logfiles are spoofed. That is to say, they purport to be from the US, Australia or Canada and they turn out to be from Romania, Bulgaria, Singapore, Wuhan etc. This is not entirely new BUT the sheer volume of such visits IS.
3. For the last three days there have been constant image download requests , each from a different IP. These 'visitors' do not browse the site at all. They simply appear attempting to download an image ( different image, different IP every time ) and then they sit there without going anywhere else on the site. There have been hundreds if not thousands of these over the past few days.
4. Yesterday when I looked at the logfiles I saw 2 IP's requesting "..../banned/browse". This of course is an admin page which is only viewable by logged in admins . SO....they wouldn't have been able to view it BUT why did they request it?
I am happy to provide screenshots of all this 'activity' in my logfiles if necessary.
Ceri Shaw - AmeriCymru
updated by @adolygwr: 10/25/23 02:02:42PM