This weekend I noticed a few odd entries in my web traffic stats. There were multiple visits from several addresses in China. While the hits came from various cities in China, the one thing they all had in common was the weblink. The link came from an address that looked something like this:
Of course websitename.com was the actual domain name of the blog or website they were visiting.
After seeing a few of these weird entries, I did a little snooping around. I found a thread on the Google Analytics forum regarding these odd entries. Apparently I’m not the only one getting such visits. This web address seems to be linked in some way to a site called cznn which has been known to distribute malware. This is not something I want attached to any of my blogs.
Temporary Fix for the qq829 Situation.
At first, I tried banning the IP addresses. That proved to be an exercise in futility because the IP addresses never seemed to be the same. Through the Google conversation, I found the AurelloSoft site. They specialize in computer security and they recommend blocking these visits by modifying the .htaccess file on the website/blog’s server with the following code:
I removed the code from this post because the code wouldn't display properly. To get the correct code, visit the AurelloSoft Website.
I entered the code on all of my sites. Hopefully it’s working, because I still see the same weird www.qq829.com entries. Although seeing the entries means that the attempts are still being made, it doesn’t mean that they’re getting in.
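One way to check from the server's own access log whether referrer-based blocking is taking effect while the source IPs keep changing (an added example, not the AurelloSoft code or anything from the original post). It assumes Apache's combined log format and that the .htaccess rule answers blocked requests with 403; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in Apache "combined" format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.10 - - [12/May/2014:10:01:02 +0000] "GET / HTTP/1.1" 200 5120 "http://www.qq829.com/" "Mozilla/5.0"
198.51.100.7 - - [12/May/2014:10:05:40 +0000] "GET /about HTTP/1.1" 200 2048 "http://www.qq829.com/" "Mozilla/5.0"
192.0.2.44 - - [12/May/2014:11:15:09 +0000] "GET / HTTP/1.1" 403 199 "http://www.qq829.com/" "Mozilla/5.0"
192.0.2.80 - - [12/May/2014:11:20:31 +0000] "GET /post HTTP/1.1" 200 7301 "https://www.google.com/" "Mozilla/5.0"
203.0.113.99 - - [12/May/2014:11:25:00 +0000] "GET / HTTP/1.1" 403 199 "http://QQ829.com/x" "-"
"""

# Captures: client IP, HTTP status, Referer header.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$')


def referrer_report(log_text, blocked_domain):
    """Summarise requests whose Referer host is blocked_domain or a subdomain of it."""
    report = {"ips": set(), "blocked": 0, "served": 0}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, status, referrer = m.groups()
        # hostname is lower-cased by urlsplit; "-" (no referrer) yields None
        host = urlsplit(referrer).hostname or ""
        if host == blocked_domain or host.endswith("." + blocked_domain):
            report["ips"].add(ip)
            # Assumption: the deny rule responds with 403 Forbidden.
            if status == "403":
                report["blocked"] += 1
            else:
                report["served"] += 1
    return report


if __name__ == "__main__":
    r = referrer_report(SAMPLE_LOG, "qq829.com")
    print(f"{len(r['ips'])} distinct IPs, {r['blocked']} blocked, {r['served']} still served")
```

A non-zero "served" count after the rule is in place means requests carrying that referrer are still receiving pages.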
Take Preventative Measures
If you are not in the habit of checking your visitor stats, give them a look see. You might want to place the above code in your .htaccess file to be on the safe side.
Just another little something to keep us all busy.
UPDATE: I took it one step further. After looking at the source code from the URL of one of the unwanted visitors and finding words such as “net user hacker” and “net localgroup administrators hacker” and “Administrator Guest hacker,” I decided to step things up a bit.
Until this whole mystery is solved I have blocked all visitors from China. I used the .htaccess method as recommended by the Parkansky website (actually, I am currently using both .htaccess methods).