| One important
function of a log analysis tool is to assist in detecting abuse of
your site. In the example shown here a view has been created which
shows accesses to each page from individual IP addresses. The first
entry in this view is immediately suspicious. Why would one IP
addresses be accessing the sysysnc.zip file so many times? The
following entries are also suspicious although they are different IP
addresses the first part 80.8 is the same and it is likely that each
one is the same person on different internet sessions with different
dynamic IP addresses. |
In each of these cases I was able to
resolve the issue by contacting the ISP that owned the IP addresses
range.
These are example of abuse from
individuals but abuse can also come from other sites and an unusually
high count for a particular referrer domain may also warrant
investigation. I have used this technique to identify Warez sites
that have been downloading and ripping off my software and forcing
me to pay for extra bandwidth into the bargain!
|
