Ok, I need to figure something out and I just can't come to a definate conclusion alone. Here's the scenario;
One of the websites I'm runnnig normally gets about 2000 hits a day. (hit, not unique visitor)
Recently, that number has jumped to almost a million hits a day. Here's the catch, looking at the logs the hits are all on the 1st splash page (where's there's nothing of value) and only for about 5 secondes - meaning the hit originated on the 1st page, stayed for 5 secondes then went elsewhere, no follow through.
Also, normally the logs show "GET" requests, a normal request for a resource wich is returned as header and body of the page. These extra 900k hits are only using the "HEAD" protocol wich returns only header information, no body is sent.
My question is, what (or who) could be causing this?
Would a program that monitors uptime for a website be doing this?
Could someone be trying to attack the site this way?
I need all possible scenarios before going any further, what do you guys think?
One of the websites I'm runnnig normally gets about 2000 hits a day. (hit, not unique visitor)
Recently, that number has jumped to almost a million hits a day. Here's the catch, looking at the logs the hits are all on the 1st splash page (where's there's nothing of value) and only for about 5 secondes - meaning the hit originated on the 1st page, stayed for 5 secondes then went elsewhere, no follow through.
Also, normally the logs show "GET" requests, a normal request for a resource wich is returned as header and body of the page. These extra 900k hits are only using the "HEAD" protocol wich returns only header information, no body is sent.
My question is, what (or who) could be causing this?
Would a program that monitors uptime for a website be doing this?
Could someone be trying to attack the site this way?
I need all possible scenarios before going any further, what do you guys think?
