We are seeing a lot of HTTP requests to legitimate URLs on our web server... the URLs are pages that do auto redirects to other content pages. The redirects are collecting site stats and the high number of requests is knocking the tracking stats way out of whack compared to the norm. Essentially someone is pretending to browse our content, over and over again... throwing our stats into a mess.
The problem is that the 'culprit' appears to be from multiple IP addresses, mostly in our own city proximity and using slightly different host headers... so they are trying hard to look like legitimate traffic... it is next to impossible to differentiate between what is legit and what is fake (the only giveaway is the frequency of the pages visited and that the stats have jumped significantly). The IP addresses keep changing as well.

My knowledge of current spoof techniques is limited, but I am under the impression that it's pretty hard to spoof an IP address for an HTTP request. We are definitely serving up the pages and redirecting, so they are getting responses, which implies that they are real computers doing this work.

At first look I see no way to stop this type of situation (still trying to figure this out). Does anyone have any advice on how to handle something of this nature either on the webserver side or pfSense side? All suggestions are welcome.

Chuck
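The message above names request frequency on the redirect pages as the only giveaway. As an added example (not part of the original message), the following counts redirect hits per client IP in a sliding window over constructed access-log lines; the combined log format, the `/go/` redirect prefix, the 60-second window and the threshold are all assumptions, and the log is assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the post): combined-format access log, redirect
# pages live under /go/, and more than 3 hits in 60 s is above normal browsing.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})')
REDIRECT_PREFIX = "/go/"
WINDOW = timedelta(seconds=60)
THRESHOLD = 3

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2014:10:00:01 +0000] "GET /go/article-1 HTTP/1.1" 302 0
198.51.100.7 - - [10/Mar/2014:10:00:09 +0000] "GET /go/article-2 HTTP/1.1" 302 0
203.0.113.20 - - [10/Mar/2014:10:00:12 +0000] "GET /go/article-1 HTTP/1.1" 302 0
198.51.100.7 - - [10/Mar/2014:10:00:20 +0000] "GET /go/article-1 HTTP/1.1" 302 0
198.51.100.7 - - [10/Mar/2014:10:00:31 +0000] "GET /go/article-3 HTTP/1.1" 302 0
203.0.113.20 - - [10/Mar/2014:10:05:40 +0000] "GET /go/article-2 HTTP/1.1" 302 0
203.0.113.20 - - [10/Mar/2014:10:05:45 +0000] "GET /index.html HTTP/1.1" 200 512
"""

def flag_frequent_clients(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: peak redirect hits in any window} for IPs over threshold."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest count seen in one window
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, stamp, path, _status = m.groups()
        if not path.startswith(REDIRECT_PREFIX):
            continue              # only the stats-collecting redirect pages matter
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop hits that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}

if __name__ == "__main__":
    for ip, n in sorted(flag_frequent_clients(SAMPLE_LOG).items()):
        print(f"{ip}: {n} redirect hits within {WINDOW.seconds}s")
```

Because the source addresses in the post keep changing, a per-IP count like this has to be recomputed on a rolling basis rather than used as a one-time list.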
