load of seperate 1 page hits from same ip

Usually for bots or users it will show the ip address and the number of pages that they viewed.



Why would a single ip to be listed on the log over 600 times all showing they viewed 1 page? How does it know to group it together usually? Session id?



OS/Browser were unknown, but the agent was HTTrack some website copier program running from a proxy I think.



The referrer is mostly the contact-us page.



CS-Cart does have validation to prevent someone from hijacking the contact-us page, yes?






[QUOTE]

04/14/2010, 08:31 AM 1 88.176.87.103 / - undefined undefined France France Expand / collapse the list of itemsExpand / collapse the list of itemsExtra

Entry page: [url]http://unicacool.com/kitchen-and-tabletop-en/cooking-tools/[/url]



Page title: unicacool: instant cool for your home - kitchen+tabletop :: cooking tools

Current page: -



Page title: -

Referrer: [url]http://unicacool.com/contact-us.html[/url]

User-Agent: Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)

Language: French (Standard)

Screen: 0x0 (0)

[/QUOTE]





Also, all these pages are skewing our statistics, where in the db can I go and manually delete them?

I have found that certain “caching proxys” will cause a huge spike in activity with bad info. Most notably www.navalinformation.gov (US). Seems that their proxy server gets confused by the multiple languages and tries to cache all the direct links from the home page in all languages.



Reasonable one would think, but it tries to do all languages at once which sometimes can drive the load average on the server up to 200 or so!!! Not good.



What I did to solve this (after digesting way too many log entiries) is created the file (assuming use of the my_changes addon):

addons/my_changes/controllers/customer/init.post.php with content of:

```php

// Test for multiple 'sl' entries in the query string
if( count(explode("sl=", $_SERVER['QUERY_STRING'])) > 2 ) { // A query string with more than 1 sl=
fn_log_event('requests', 'http', array(
'url' => $_SERVER['SCRIPT_NAME'],
'data' => $_SERVER['REMOTE_ADDR'].": ".$_SERVER['QUERY_STRING'],
'response' => "Denied Access due to multiple 'sl=' arguments in the query string"
) );

return array(CONTROLLER_STATUS_DENIED);
} else {
return array(CONTROLLER_STATUS_OK);
}

?>

```

What this does it there is more than one ‘sl’ parameter in the URL. If so, deny access.