These days Apogee blog articles get an average of 25 hits over the initial week of publishing. Hits are tracked at actual clicks on the article, either to look more closely at it or to print it out. So when a couple of new articles suddenly registered more than 2,000 hits in just over 24 hours, it raised some flags.
They like me, they really like me
Had we suddenly become super popular? Were we swept up in a tidal wave of traffic caused by some big kahuna website linking to our website? Had there been a software malfunction?
Or had there been a surge in hacking?
Just the facts ma'am
Our investigation started with Google analytics to see if we had actually gotten a surge in visitors. The Google platform records the visits of anyone who has not turned off Javascript and gone into stealth mode
We can assume that a higher than normal amount of visitors do so in stealth mode, given the nature of our editorial focus, but 1800+? No man I don’t think so.
Catch a wave and you’re sitting on top of the world
It’s not uncommon for a wave of traffic from a big site to crash upon the shores of a small island of the internet like ours. The picture below shows which sites link to our site.
As you can see, we do get a significant amount of link traffic from wifcon.com. The picture shows 63 links from that site; so this could be our big kahuna, but 63 was not enough to generate the spike in article hits that we saw.
The next step was to look at our total raw traffic.
One report to rule them all
Website server statistics record every request made be it bot or bureaucrat. So if we have a surge of requests this is where we will find them.
While we can see, in the above picture, some fluctuation in the month to month statistics, no increase in raw hits correlates to a higher than usual blog post request from the database. That wasn’t it, but if it wasn’t a higher frequency than it must lie in the individual requests.
Quick -- to the Apache logs!
Monkey see Monkey hack
Up until now, we have been looking at abstractions of the data. As we take step after step through these meaningful groupings our answer has eluded our grasp. Thus, we must delve past the reports and charts into the transaction logs of our Apache web server.
Apache logs are a record of every action taken to access information on the site. We churned through 250,000+ records and found that some of our fine visitors had been using various hacking tricks like SQL injection to get past the site's defenses. In their failed attempts, they triggered requests for the blog posts and those requests inflated the individual article hit counter.
As it turns out we were not sudden rock-stars. We were just another site being attacked.
Who Are you?
In the last two years, there have been one or two news events that you may not have noticed. To recap, some email got wikileaked and western democracy was hacked. So who seeks to break in like some looter during a riot? As it turns out everyone from Russia to the great state of Kansas. Those of you that know your geography with notice, in the picture above, that we field attention from Korea, Iran, and France too.
Would you like to play Thermonuclear War?
As we settle into the post-nuclear age -- a time where the next world war will be fought with cyber armies in “non-kinetic” battles (and if you have been paying attention), it's clear that the war has already started. When your work focuses on U.S. Government issues; it seems that hack attempts are simply a cost of doing business.
In conclusion, as Doctor Who might say: Stay calm and encrypt everything!
| < Prev | Next > |
|---|
