Post by Noel on Dec 7, 2016 12:41:45 GMT -6
I happened to look at my web site stats in some detail by coincidence, and what did I discover but 7 addresses downloading three of my product installers at a rate of more than 10x the amount of downloads being done by the entire rest of the world. The files are 15 to 30 megabytes in size, and were being downloaded roughly 500 times a day.
On further examination, these addresses are all in China, owned by China Mobile Guangdong.
Specifically:
117.177.240.142 Yibin, China
183.224.1.75 Kunming, China
211.137.39.34 Shenyang, China
183.224.3.19 Kunming, China
183.224.1.74 Kunming, China
120.192.76.105 Weifang, China
111.23.4.37 Qingdao, China
It's possible these addresses are the portals into seven large subnets.
It started in May, first with one installer file, then the next month with several more. The rate of download was pretty consistent at a little less than 20 GB per day.
I cannot begin to imagine why these specific files are being downloaded at such a high level, since the number of conversions from trial to actual sale of a license in China is very small (just a few a month).
Okay, you might think, maybe they've cracked my software. But if my products had been cracked, they wouldn't be downloading my uncracked versions, they'd be getting a cracked version from some pirate site or torrents.
I have never embarked on nor contracted any sort of SEO - I don't believe in that crap - so it's not an artificial browsing load of my doing.
The two even remotely viable possibilities I can think of are:
- Some kind of (obviously ineffective) low level attack, against my site or the host (iPage.com) or the intercontinental links or... ??
- Some kind of attempt to influence web usage statistics to pump them up and make the world believe more people are using a particular OS or browser than in reality. Thing is, I would expect such an operation to load small web pages, not large files over and over. The stats imply Google Chrome is doing the downloading.
In any case, I've blocked the above addresses as of yesterday using Deny commands in my .htaccess file, as I can't really see any benefit to allowing this ridiculous download rate to continue. No one has written to me yet asking why they can't reach the files.
Do you have any ideas why someone in China would set up multiple systems or a botnet to download my files from seven different addresses?
-Noel