Way back last year, I wrote about how one of my sites was under attack by some kind of zombie robot traffic – all without referrers, all reporting IE browsers, from all over the world, just coming and coming and coming, until almost two months later on the nose, the attack stopped, as mysteriously as it started.
Well guess what, boys and girls – THEY'RE BAAAAACK!
On November 12, 2013, the same site that was hit before started showing a huge increase in direct traffic. It was, on the one hand, very similar to the previous attack, and on the other hand, there were some important differences this time around.
- The site under attack is the SAME site that was hit before – and (so far) ONLY this site has been hit.
- Still not reporting any referrers
- Many ISP and IP numbers from all over the world
- All reporting Windows (XP through Windows 7 – NO Windows 8, and 95% Windows 7)
- All reporting IE browsers (versions 8 and up)
- Still a slow drip – never so much as could be considered a DDOS, but just enough to be annoying and stand out.
- Many of the same IP numbers come back two or three times a day.
New and Updated for 2013:
- This time, reporting some mobile sized viewports; previously mostly laptop viewports.
- Last time, the attack only hit the home page of the site. Now it's hitting the home page plus three taxonomy pages.
- Last time they started big, and slowly tapered down. This time (as evidenced by the screenshot below) they started slow, and are ramping up.
Since they're hitting an AdSense site, we're now serving AdSense only to users with some kind of referrer.
It's interesting also to note that they're not hitting any taxonomy pages that were added since the last attack.
Will they suddenly stop on January 12, 2014 having completed their mission? What is their mission, anyway? The site is otherwise perfectly healthy, and performing well in all channels; there's no hacking (nor even hacking attempts) and as far as I could tell the bots weren't even trying to click on the ads (I just took them off to be safe). I have read about some Windows viruses that hit particular sites over and over looking for some kind of remote control to tell them what to do next, but I'm pretty sure I don't have any such on this site.
Mostly I have no answers; I am just posting this because I got so many responses and emails about the last attack, I wanted to put this out there to see if anyone else was getting hit again too.