Foreign hackers on a non-page

  • While monitoring google analytics we have seen over and over users from foreign countries viewing a page that is not part of our site. The page is always the same: ourdomain.com/h/1332447.html

    If you go to that location our site simply displays the “oops page con not be found”

    Has anyone seen this before? We are about 100% sure that whatever these users are aiming at, it’s not good. The only consistency is the page: /h/1332447.html and that they are always listed as being from countries other than the US.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    What does it matter? The page is not on your site. They’re just bots looking for a backdoor. You could put in a 301 redirect if you like that sends them to a nasty message, but they’re bots and they don’t care.

    Thread Starter smallstar67

    (@smallstar67)

    I don’t know that it matters, it’s just really odd. There is no logic to it. IF there was a logic to it, I want to know what that is. Why would a bot pick that nonexistent directory and html page over an over? what purpose could that ever serve?

    • This reply was modified 6 years, 6 months ago by Jan Dembowski.
    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    They may have tried to install a backdoor but failed to do so.

    I get lots and lots and lots of attempts to retrieve oddly named pages that don’t exist on various sites on my server.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Moved to Fixing WordPress, this is not an Everything else WordPress topic.

    This is just a spam bot and there is nothing to worry about. However, you don’t want this being listed as a visit on your site so you need to add a filter in GA.

    If you know how to write in htaccess add this

    ## STOP REFERRER SPAM 
RewriteCond %{HTTP_REFERER} semalt\.com [NC,OR] 
RewriteCond %{HTTP_REFERER} buttons-for-website\.com [NC] 
RewriteRule .* - [F]

    Google how to to add a custom filter and then block any fake sites that you’ve seen. Semalt is huge Autoservice.org and the one you’re seeing now. Most are from semalt though.

    A lot of spam bots are just trying to bog your site down with traffic and can attempt logins or register. If you see fake users registering make sure to delete them. Often their emails will end in .ru and .pl

    • This reply was modified 6 years, 6 months ago by stefsternyc.
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Foreign hackers on a non-page’ is closed to new replies.