Home
Support Forums

Possible missconfiguration?

Hello everyone,

So I am quiet concerned about this to be honest.

Been asking friends, and posted on Twitter but it looks like no one can tell me exactly what this is, and because I am thick, I need find out why this is happening.

I am trying to find out what can this be caused by, so feel free to see the open analytics.

https://stats.andreuzza.com/share/Ohpb1Fts/Colors%20%26%20fonts

site.
-colorsandfonts.com

So let me explain, a couple of days ago, I was looking to my side project the analytics because is popular and I was interested…

Then I saw this IP

172.16.1.19

and the IP has this URLs attached.

172.16.1.12/admin
172.16.1.19
172.16.1.12/dashboard
172.16.1.12/login
172.16.1.12
172.16.1.12/register
172.16.1.12/admin/admin/add_vaccination_details
172.16.1.12/forgot-password
172.16.1.12/admin/users
http://172.16.1.12/edit_vaccination_details/983?_token=4THJVII8ioTSeiXvU6jciRs4AzAmP1oXkaPtqtd6&id=983

http://172.16.1.12/admin/users?_token=DevuVoY4h0lzqYruLLtWx5i4gZt1ltoSuRAvxpmi&search_text=srirama&department_id=

http://172.16.1.12/admin/edit_vaccination_details/1150

http://172.16.1.12/admin/edit_vaccination_details/996
http://baidu.com/

http://172.16.1.12/admin/edit_vaccination_details/1308

http://172.16.1.12/admin/edit_vaccination_details/884

http://172.16.1.12/edit_vaccination_details/1338?_token=MwS8QfwLSRYb75Owg0mGT1oSj1empqtwN9kOskgJ&id=1338

http://172.16.1.12/admin/edit_vaccination_details/818

http://172.16.1.12/admin/edit_vaccination_details/885

http://172.16.1.12/admin/edit_vaccination_details/948

http://172.16.1.12/admin?_token=ypKecsc2ECQslfjQhzv68bsBcvmu0SPxN7td1DET&search_text=&department_id=1

http://172.16.1.12/edit_vaccination_details/922?_token=UsHuQhR5cRSkbZBUtdpU0MQmHswgHykmb9sdtKmM&id=922

then I this was also a referral.

http://vs.cftri.com/forgot-password

cftri is something in India

http://www.cftri.com/

and this matches with eh URLS

Then I happen to see the the raw version and it was linking to this
https://toolkit.addy. codes/

Any clue would be deeply appreciated.

Thank you in advance,

/Mike

Hi @michael-andreuzza

I’m not sure what is causing you concern, or what you are asking.

Are you wondering why these IP addresses are accessing your site? And what they are looking at paths like /admin?

yeah exactly, that’s exactly the reason.

This is all relatively standard traffic. The 172.x.x.x address range is reserved by IANA for private networks (Wikipedia). It is unfortunate that many people/groups use bots to automate looking for access to restricted areas on sites. If you do not have these areas (which I can see you don’t) why the concern?

This has nothing to do with your configuration.

Here are some apparent sources of traffic to my site

And here are some resources that many people/bots (both legitimate and illegitimate) tried to access

oh, ok.Fair enough.

Well, the concern is because I am not an expert on IP’s and closest areas…

I wa thinking that someone took the code and left the tracking ID there…