I'm not sure if this question belongs here or somewhere else, but there isn't a topic for security related problems, just for security patches. Anyway, when I look at the Online Customers it shows me about 1400 guests all from the IP Address 180.76.15.* which is from Beijing, China. Normally I wouldn't question this, but seeing as it is so many from the same IP Address range, it has me worried. Especially when you add in the fact that most of the Session Start times and last activity are only a couple seconds apart. Same with the Session Start times in the list of the IP Addresses. Any ideas?
Solved! Go to Solution.
those are probably the bots scanning your store. we usually just block the whole c-class of those IPs on the server, especially if you do not sell to that country. nothing good will come from them anyway.
So I blocked the range of IP addresses and somehow when I did that, I gave myself a 500 internal server error (I think that is what it was. I undid it right away so I don't remember) so unless I did something wrong...?
What I did was add
Deny from 188.8.131.52/163
to the .htaccess file.
I've done this and the IP Addresses are still showing up in online customers as before.
try to restart apache to clear connections.
you can test it by adding your ip the same way - you should not be able to open your store in the browser but it will not prevent you from opening ftp or ssh to remove your IP from .htaccess
you can also ask your host to block those IPs on the firewall.