The annoyance of scripted views
In August 2013 I wrote a post titled ‘What has happened to my wordpress views‘ which was bemoaning the fall away in my blog views in that month. As it happened, that seemed to be a seasonal thing and as I’ve continued to add posts to my site the traffic has gradually grown as my pages get found by search and social media users.
Well this week I experienced the opposite of that problem.
At about 10pm on Sunday I looked at my stats and I had about 850 views recorded for that day. That was a normal sort of figure and I was quite pleased that a post I added about a trip to Bennington Lordship had been moderately successful in generating some views. About 10 minutes later I picked up my phone, and it happened to have the WordPress stats page on view. I saw the number was about 6000 and assumed that was the weekly view page and went to change it. However, it wasn’t weekly views showing it was daily views. I refreshed the page and the number shot up to about 8000. Over the course of the next 10 minutes I got around 17000 views which were of all the pictures on my latest post viewed about 500 times each.
After this surge in views was finished I sent a support email to the WordPress team to see if they could isolate and remove this spike, but they responded saying views are actually valid page requests – well, they are valid, but they are not real of course. There was no equivalent increase in visitor numbers and they all came from the US. They are the result of someone writing a script to (probably) see if they could bring the site down by making hundreds of requests every second – a DOS attack. No-one could view 17000 images over 20 minutes.
So now I have a large spike in my stats which will take weeks to disappear from my stats graphs, and will give a false reading for views this month. I know everyone who blogs likes to get page views, but not this sort.
I experiences DOS on a newspaper I used to work for but never heard of it on a blog. Although I wouldnt say no to a spike in my readers….
Actually of course I don’t know it was DOS but I can’t think of another reason to make that many views in such a short time.
I think you’re right about it. Have you had any problems since?
Well written firewall rules can filter out most of the common tools of the DDOS attacker. There is one called LOIC that turns the users web browser into an attack mechanism, sending a flood of packet requests. It doesn’t do much on its own, but get several computers hitting the same site with it and it can interrupt service.
Why someone would pick your blog at random to test something like that seems odd.
I seem to remember back in 2010 that hacker group Anonymous breached WordPress security several times, taking advantage of unpatched vulnerabilities.
Hopefully the WordPress team took your concerns seriously and looked into the matter. It is very easy to identify attacks like I describe above from the system logs.
I don’t think it was DDos because that would lead to an increase in the number of visitors so this seemed to be just one machine. In itself generating 17000 http requests in 20 minutes would be easy to do so I suspect it was just someone playing around.
I havent had any more problems so far – in fact today is about a third of my normal views!
Swings and roundabouts!