Suspicious clicks to website

  • Resolved wolfel

    (@wolfel)


    5 years, 7 months ago

    Hello, recently in the logs I found suspicious transitions that mention other people’s sites. Should I worry and block things like that or is it normal?

    Usually links to sites insert bots. I checked the site for viruses and links and found nothing.

    Example:

    
"37.229.245.204 - - [23/Jul/2019:14:24:26 +0300] "GET /obzor-transport-fever/ HTTP/1.0" 200 126484 "https://velpanex.ru/shop/29/desc/obeliva5" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36"
37.229.245.204 - - [23/Jul/2019:14:24:27 +0300] "GET /obzor-transport-fever/ HTTP/1.0" 200 126484 "https://velpanex.ru/shop/29/desc/obeliva5" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
37.229.245.204 - - [23/Jul/2019:14:24:27 +0300] "GET /obzor-transport-fever/ HTTP/1.0" 200 126484 "https://velpanex.ru/shop/29/desc/obeliva5" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
37.229.245.204 - - [23/Jul/2019:14:24:29 +0300] "GET /obzor-transport-fever/ HTTP/1.0" 200 126484 "https://velpanex.ru/shop/29/desc/obeliva5" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36"
37.229.245.204 - - [23/Jul/2019:14:24:29 +0300] "GET /obzor-transport-fever/ HTTP/1.0" 200 126484 "https://velpanex.ru/shop/29/desc/obeliva5" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36""

178.137.83.216 - - [23/Jul/2019:11:33:55 +0300] "GET /all-items-mountain-base-tomb-raider-2013/ HTTP/1.0" 200 133249 "https://www.pechikamini.ru/" "Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01"
178.137.83.216 - - [23/Jul/2019:11:33:56 +0300] "GET /all-items-mountain-base-tomb-raider-2013/ HTTP/1.0" 200 133249 "https://www.pechikamini.ru/" "Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01"
178.137.83.216 - - [23/Jul/2019:11:33:56 +0300] "GET /all-items-mountain-base-tomb-raider-2013/ HTTP/1.0" 200 133249 "https://www.pechikamini.ru/" "Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01"

178.137.83.216 - - [23/Jul/2019:12:14:17 +0300] "GET /all-items-mountain-base-tomb-raider-2013/ HTTP/1.0" 200 133249 "https://migronis.com/" "Opera/7.54 (Windows NT 5.1; U) [pl]"
178.137.83.216 - - [23/Jul/2019:12:14:18 +0300] "GET /all-items-mountain-base-tomb-raider-2013/ HTTP/1.0" 200 133249 "https://migronis.com/" "Opera/7.54 (Windows NT 5.1; U) [pl]"
178.137.83.216 - - [23/Jul/2019:12:14:18 +0300] "GET /all-items-mountain-base-tomb-raider-2013/ HTTP/1.0" 200 133249 "https://migronis.com/" "Opera/7.54 (Windows NT 5.1; U) [pl]"

    In the examples I have indicated only some links to sites. Already today I noticed at least one more similar link. I hope for help, thank you.

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Those are referrer URLs. It may be that those sites have links to yours or someone is faking the referrers. Given that they all come from the same IP address, it’s probably the latter. I wouldn’t worry about it.

    Thread Starter wolfel

    (@wolfel)

    I am sure that these sites can not be links to my site. Absolutely different subjects. As I understand it will protect against such things, I can only by blocking their ip? Maybe there is any functionality that is referring to the black list sites?

    I do not understand what benefit these people from such requests …

    What it gets is referrer spam.

    Basically, “bad” SEO places are trying to get backlinks by putting their referring URL’s in publicly-accessible log files. It’s one of the lowest level things that can be done, but it’s popular because it’s easy to do, and does get a few results because not everyone knows to hide log files.

    Thread Starter wolfel

    (@wolfel)

    Thanks to all for the help, it seems I have found several solutions.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Suspicious clicks to website’ is closed to new replies.