Windows 7 traffic on my site has dramatically increased over the past 3 months.
-
Windows 7 traffic on my site has dramatically increased over the past 3 months. This was widely reported in the news, and frequently attributed to a StatCounter glitch. But I don't use StatCounter, and my Windows 7 traffic is still increasing.
No, Windows 7 isn't resurging.
Over 90% of my Windows 7 "visitors" are Chrome users in Singapore with no referrer and 1280x1200 displays. These users *do* execute JS, but do not engage with the page. They appear to visit pages at random.
1/?
-
Unless my website is shockingly popular with Singaporean Windows 7 users, these are obviously bots. For what? They aren't DDoSing me, but they are executing JavaScript and evading my (admittedly lax) bot mitigations. Maybe they are stealing my copyrighted content to train an AI model.
So what do I do? Well, maybe nothing. Their traffic costs me nothing relative to the amount of bot requests I get which *don't* execute JavaScript.
-
Maybe I block Windows 7 users in Singapore. But the only reason I identified this in the first place is because of the odd Windows 7 UA. What percent of my *other* visitors are bots? Not all of them, but maybe some of them? Most of them? I can't detect them well, evidently. I don't know who's running them. And I don't want to fingerprint humans to find out. So for now, I do nothing.
But I wish they would go away.
-
I have begun logging the IPs of UAs containing "Windows NT 6."
(By default, in my analytics I only store a hash derived from the User Agent, day, and IP. As I do not know the user agent beyond the fact that it represents a Windows 7 user on Chrome and that the IP is in Singapore, that is drastically too much data for a rainbow tables type deanon. I also store the connecting IP for 14 days; however, this is almost always Cloudflare and not the user.)
-
---
And just like that we have our first bite:
UA: "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.114 Safari/537.36"
IP: 43.173.180.83
Unfortunately, this is Tencent Cloud which is owned by Aceville which is owned by TCH Delta Limited which is... owned by Tencent. So that's a dead end. Could be TC themselves or any company using TC cloud.
I tried Shodan and Zoomeye and didn't see anything aside from DNS to "openstacklocal."
Any ideas?
-
They're using many IPs. Since I began logging only an hour ago, I've gotten 3:
43.173.180.83
43.173.173.185
43.173.173.224
Same story for all
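Added example, not the author's code: a Python sketch of the logging described in this thread, where every request gets only a hash of user agent, day and IP, and the raw IP is kept only when the UA contains "Windows NT 6."; the kept IPs are then grouped by network. SHA-256, the record layout, the function names, the /16 grouping and all sample records other than the quoted UA and the three 43.173.x.x addresses are assumptions.

```python
import hashlib
import ipaddress
from collections import defaultdict

# Constructed sample records. The Windows 7 user agent and the three
# 43.173.x.x addresses are quoted in the thread; the rest is made up.
WIN7_UA = ("Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/126.0.6478.114 Safari/537.36")
WIN10_UA = WIN7_UA.replace("Windows NT 6.1", "Windows NT 10.0")
DAY = "2025-01-01"  # constructed date
SAMPLE = [
    {"day": DAY, "ip": "43.173.180.83", "ua": WIN7_UA},
    {"day": DAY, "ip": "43.173.173.185", "ua": WIN7_UA},
    {"day": DAY, "ip": "43.173.173.224", "ua": WIN7_UA},
    {"day": DAY, "ip": "198.51.100.7", "ua": WIN7_UA},   # lone outlier
    {"day": DAY, "ip": "203.0.113.9", "ua": WIN10_UA},   # ordinary visitor
]

def visitor_hash(ua, day, ip):
    """Per-day pseudonymous visitor ID (hash function is an assumption)."""
    return hashlib.sha256("\x1f".join((ua, day, ip)).encode()).hexdigest()

def log_entry(rec, marker="Windows NT 6."):
    """Always store the hash; store the raw IP only for marked user agents."""
    entry = {"visitor": visitor_hash(rec["ua"], rec["day"], rec["ip"])}
    if marker in rec["ua"]:
        entry["ip"] = rec["ip"]
    return entry

def cluster(entries, prefix=16):
    """Group the logged IPv4 addresses by network, largest group first."""
    groups = defaultdict(set)
    for e in entries:
        if "ip" in e:
            net = ipaddress.ip_network(f"{e['ip']}/{prefix}", strict=False)
            groups[str(net)].add(e["ip"])
    return sorted(((n, sorted(ips)) for n, ips in groups.items()),
                  key=lambda g: (-len(g[1]), g[0]))

if __name__ == "__main__":
    for net, ips in cluster([log_entry(r) for r in SAMPLE]):
        print(net, len(ips), ips)
```

Visitors whose UA does not match never have a raw IP written, so the extra logging stays limited to the suspect population.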