
Ever wondered how often your site gets scanned?

I run a demo instance of Atomic Lab’s Pion at home that I use for customer demonstrations and generally playing around.

I have been looking recently at the visitor session replay functionality and it’s fascinating to see how many people are out there just randomly scanning for vulnerabilities.


If we drill down into the headers, we can see that in many cases the requests have spoofed headers, IP addresses, etc.


GET http://www.eduju.com/proxyheader.php HTTP/1.1
Host: www.eduju.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Accept: */*
Accept-Language: zh-cn
Connection: Keep-Alive



The other common request string appears to be:




GET http://58.218.199.147:7182/judge.php HTTP/1.1
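As an added example (not part of the original post, and not Pion's code), the following Python flags access-log entries whose request line uses an absolute-form target, as in the two requests above, naming a host the server does not serve. The Combined Log Format, the hostname `demo.example.org`, the client addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the hostnames this server legitimately answers for.
OWN_HOSTS = {"demo.example.org"}
# Combined Log Format: client, identd, user, [time], "request line", status, ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def foreign_proxy_probe(line, own_hosts=OWN_HOSTS):
    """Return (client, target_host, path) when the request line carries an
    absolute-form target for a host we do not serve, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed line; not classified here
    target = m.group("target")
    if not target.lower().startswith(("http://", "https://")):
        return None  # ordinary origin-form request such as "/index.html"
    try:
        parts = urlsplit(target)
    except ValueError:
        return None  # unparsable authority, e.g. broken IPv6 brackets
    host = (parts.hostname or "").lower()
    if not host or host in own_hosts:
        return None  # absolute-form for our own name is legal HTTP/1.1
    return m.group("client"), host, parts.path or "/"

def summarise(lines):
    """Count flagged requests per (client, target_host) pair."""
    hits = Counter()
    for line in lines:
        probe = foreign_proxy_probe(line)
        if probe:
            hits[probe[:2]] += 1
    return hits

# Constructed sample lines; client addresses are RFC 5737 documentation ranges.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2000:10:01:02 +0000] "GET http://www.eduju.com/proxyheader.php HTTP/1.1" 404 210 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '203.0.113.7 - - [01/Jan/2000:10:01:09 +0000] "GET http://58.218.199.147:7182/judge.php HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.23 - - [01/Jan/2000:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.23 - - [01/Jan/2000:10:02:05 +0000] "GET http://demo.example.org/ HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for (client, host), n in summarise(SAMPLE).items():
        print(f"{client} asked for foreign host {host} ({n} request(s))")
```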



All of these requests use up your server resources, but standard analytics won’t show them up, so network-level analytics like Pion are the way to go!
