Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
Maxim2020-10-05 11:13:37
Google Analytics
Maxim, 2020-10-05 11:13:37

Weird site activity, real-time GA counter "Right Now" is growing non-stop. DDoS?

I'm seeing strange activity on the site.

Analyzing the site logs, I saw about a thousand spam hits in a short period of time from the German IP 138.201.93.127 and a bunch of others with a smaller number of requests, the CPU load increased to the limit. When the requests stopped, the load dropped.

But something else is interesting. Google Analytics in the real-time report in the "Right Now" section shows ever-increasing numbers. While writing the question, the number of active users on the site has grown from 3200 to 6000, although the usual figures at this time do not exceed 100-200. And 80% of traffic is direct. In addition, 95% of the traffic is Belarusian (the site is also Belarusian). In the GA, LI, J.M reports, I do not see any influx on any page of the site.

If this is DDoS, then why is the main traffic from Belarus, and not from some kind of China? And it’s not clear to me whether bots can imitate a user as part of a DDoS attack, in particular, execute site js scripts (after all, js is needed for GA to work)?

PS When the question was completed, GA let go, the live indicator returned to normal and began to gain momentum again.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Danny Arty, 2020-10-05
@DanArst

If traffic has grown so much, then these are 100% bots.

And it’s not clear to me whether bots can imitate a user as part of a DDoS attack, in particular, execute site js scripts (after all, js is needed for GA to work)

If by that you mean bots imitating a regular user by filling out forms, adding items to the cart, etc., then yes, of course they can!
If this is DDoS, then why is the main traffic from Belarus, and not from some kind of China?

Apparently, they specifically used the IP of the Republic of Belarus, since this is your target audience and therefore you cannot put an IP filter by geo.
Apparently the intrigues of competitors, I advise you to contact your hosting company for protection against DDoS.

Similar questions
V
ViT932021-04-29 09:26:58
Why does the Google Analytics Purchases Made report not show the correct price? 1Reply
M
MasterF2015-07-07 14:40:36
How to compare traffic of subdomains in a report? 2Reply
L
Lera Kryukova2017-06-22 09:31:03
Google Analytics missing transitions from VK? 2Reply
G
Guppoe2021-05-24 20:57:54
Is it necessary for the filter to select information only for events with the callkeeper category, the call or call_order action, and the vkontakte label? 0Reply
V
Vlad Skiff2017-07-23 14:13:36
How to implement the transfer of user data to GA through the Tag Manager? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question