Stefan Bohacek
@stefan@stefanbohacek.online  ·  activity timestamp 2 weeks ago

Has anyone running a website figured out this sudden spike in traffic from Singapore/China?

https://www.reddit.com/r/SEO/comments/1nfxym2/increased_direct_traffic_from_china_to_homepage/

https://analytics.usa.gov, a public analytics dashboard for US government sites, is showing almost 30% of traffic over the last 30 minutes coming from these two locations.

#websites #WebTraffic #spam #AIMaybe

Mark Wyner Won’t Comply :vm:
@markwyner@mas.to replied  ·  activity timestamp 2 weeks ago

@stefan 100%. But it began over a month ago. I help a library with their website, and we got some notices from their host about traffic overages. 90% of that new traffic was from China and Singapore. So much that we had to block those locations.

Stefan Bohacek
@stefan@stefanbohacek.online replied  ·  activity timestamp 2 weeks ago

@markwyner Yeah, that's unfortunate, but understandable. Really hate how these cowards won't even tell you who they are, they know exactly what they're doing.

Jérôme
@jerome@jasette.facil.services replied  ·  activity timestamp 2 weeks ago

@stefan haven’t figured it out but I’m definitely curious if you find out anything!

DJM (freelance for hire)
@cybeardjm@masto.ai replied  ·  activity timestamp 2 weeks ago

@stefan Yep, my AMF blog has been under attack since mid-October, mostly from China IPs now, previously from Brazil (spoofing?).
Have a huge list of IP ranges I block and update regularly (622 entries so far).
It's all "direct access" (no referrer, with generic UserAgent) to various URLs (posts/tags/categories), with 100% rebound.
AI? Probably.

DJM (freelance for hire)
@cybeardjm@masto.ai replied  ·  activity timestamp 2 weeks ago

@stefan The IP ranges are usually described as "Direct Allocation" or "Portable" - which means IMHO it's not IPs used by end users but datacenters / hosting providers.

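The traffic pattern DJM describes above (direct hits with no referrer, one generic user agent, a single request per client, spread over hosting-provider ranges) can be looked for in an access log. This is an added example, not part of the thread: the log lines are constructed, and the /24 grouping, the `min_ips` threshold and the function name `suspicious_ranges` are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample in "combined" log format, using documentation IP ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [20/Oct/2025:10:00:01 +0000] "GET /tags/linux HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.57 - - [20/Oct/2025:10:00:02 +0000] "GET /posts/42 HTTP/1.1" 200 8301 "-" "Mozilla/5.0"
203.0.113.98 - - [20/Oct/2025:10:00:02 +0000] "GET /categories/web HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
203.0.113.201 - - [20/Oct/2025:10:00:03 +0000] "GET /posts/7 HTTP/1.1" 200 7702 "-" "Mozilla/5.0"
192.0.2.4 - - [20/Oct/2025:10:01:00 +0000] "GET /posts/42 HTTP/1.1" 200 8301 "-" "Mozilla/5.0"
192.0.2.5 - - [20/Oct/2025:10:01:05 +0000] "GET /posts/7 HTTP/1.1" 200 7702 "https://example.org/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/143.0"
192.0.2.6 - - [20/Oct/2025:10:01:09 +0000] "GET / HTTP/1.1" 200 2100 "-" "FeedReader/1.0"
198.51.100.7 - - [20/Oct/2025:10:02:00 +0000] "GET / HTTP/1.1" 200 2100 "-" "Mozilla/5.0 (Macintosh) Safari/605.1"
198.51.100.7 - - [20/Oct/2025:10:02:30 +0000] "GET /posts/42 HTTP/1.1" 200 8301 "https://blog.example/" "Mozilla/5.0 (Macintosh) Safari/605.1"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"'
)

def suspicious_ranges(log_text, min_ips=3):
    """Return /24 ranges where every client made exactly one referrer-less
    request and all clients in the range sent the same user agent."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            per_ip[m["ip"]].append(m)

    nets = defaultdict(lambda: {"ips": 0, "bounces": 0, "uas": set()})
    for ip, hits in per_ip.items():
        try:
            net = str(ip_network(f"{ip}/24", strict=False))  # IPv4 grouping (assumption)
        except ValueError:
            continue  # client field was a hostname or malformed; skip it
        stats = nets[net]
        stats["ips"] += 1
        stats["uas"].update(h["ua"] for h in hits)
        # "Bounce": a single request from this IP, arriving with no referrer.
        if len(hits) == 1 and hits[0]["referrer"] in ("", "-"):
            stats["bounces"] += 1

    return sorted(net for net, s in nets.items()
                  if s["ips"] >= min_ips and s["bounces"] == s["ips"] and len(s["uas"]) == 1)

if __name__ == "__main__":
    print(suspicious_ranges(SAMPLE_LOG))
```

A range flagged this way is a candidate for review rather than proof of automation; a whois lookup on it shows whether it belongs to a hosting provider, as the comment above suggests.
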
katzenberger
@katzenberger@tldr.nettime.org replied  ·  activity timestamp 2 weeks ago

@stefan

Not figured out, but saw this starting about two weeks ago on my (actually pretty insignificant) websites.

The attack patterns were requests to a page they obviously assumed would trigger an elaborate database query, plus an astonishing amount of request timeouts for arbitrary pages, to keep my server busy.

Stopped that via a combo of rewrites, fail2ban and Anubis. Still, the page with the presumed database query gets hammered, but a rewrite instantly takes care of that. The corresponding fail2ban "jail" has a little over 50K banned IPs at the moment, though.

Anyway, it's not creating any significant server load anymore. I wonder why anybody would waste so many resources in return for nothing, but well…

Tokyo Outsider (337ppm) 🦇
@tokyo_0@mas.to replied  ·  activity timestamp 2 weeks ago

@stefan If you switch dropdowns on that U.S. government site to select specific agencies, you can see the traffic is disproportionately focused on certain agencies as well (like the DoD, in particular https://analytics.usa.gov/defense)

Tokyo Outsider (337ppm) 🦇
@tokyo_0@mas.to replied  ·  activity timestamp 2 weeks ago

@stefan Something's up with this top video download. CSV gives the video title as such a long string of "A"s with "Deng" in the middle and "sJtb292" near the end that the title won't actually fit in this toot.

A screenshot of the "Top Video Plays" section of the analytics.usa.gov website with the Department of Defense selected as the specified agency.
Tokyo Outsider (337ppm) 🦇
@tokyo_0@mas.to replied  ·  activity timestamp 2 weeks ago

@stefan Wonder if @jerry knows anyone at the DoD who might want to take a look at this 🤔

Stefan Bohacek
@stefan@stefanbohacek.online replied  ·  activity timestamp 2 weeks ago

@tokyo_0 Interesting!

Terence Eden
@Edent@mastodon.social replied  ·  activity timestamp 2 weeks ago

@stefan yeah, seen that recently. Last week it was a spike in FR and today a weird spike from NL.
All have the same UA, but use different IPs.

Stefan Bohacek
@stefan@stefanbohacek.online replied  ·  activity timestamp 2 weeks ago

Maybe I'm jumping to a conclusion that this is AI-related, but if that is the case, I am just tired of this nonsense.

keef
@keefmarshall@mastodon.online replied  ·  activity timestamp 2 weeks ago

@stefan doesn't seem to exactly match any of the bots hitting my honey trap as far as I can tell, although I have been seeing a spike since around the 16th October.

https://evilgeniusrobot.uk/botnet-reports/20251031-millicent-moonlighting.html

An Evil Genius Robot - Botnet Analysis 2025-10-31

Millicent Moonlighting