page view fraud attack?

Started by stayman, October 10, 2014, 07:00:19 PM

Previous topic - Next topic

stayman

We are current experiencing some fraud page view on our sites.
We use clicky, google analytic, and new relic to monitor our sites. The entire page view increased by 50% since yesterday. According to the info collected on clicky, these page views last exactly 10 seconds, only hitting our home page "/". Each page view has a distinct source ip. We can also observe this behaviour in google analytic. However, in New Relic, the transaction throughput of home page doesn't go up even a little bit. So it appears to me that there's some bot or TOR network which understand js, and our pages are cached somewhere.
The fraud page views send a lot of noise to our advertisement system.
I really don't have any idea how to stop it, because it looks like they are not even accessing our servers. Any help would be appropriated. Thanks.

ZEROF

Hi,

You need to provide us more information about your system configuration. From what i can see you need to set some limits for the number of connections per IP. If you are on shared hosting  you can ask your provider for solution, if you have your VPS/server with apache you can use  mod_bw module, if you are using nginx i guess some solutions are around and if you are using Hiawatha is even better because all what you need is to set few lines inside your config file etc ...

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*

stayman

Hi ZEROF,
Thx for ur reply.
First of all, this is not a DDos attack. I don't think the page views are making requests to our server, since our server throughput doesn't increase. There's nothing to do with our configuration. Our site is not affected at all. The problem is that our analytic data get polluted, and totally unusable, and advertisement system lose the track of the real impression, click-through, etc.
Second, we collected a sample of the fraud page views manually. Seems each ip only views the page once.