Forum Moderators: phranque
Looking over the visitor's IP address & geographical location I have a pretty good hunch that it's someone who's been a comment troll at my site for some time.
First, I'd like to know if this person somehow has breached my login data to gain access to my site internally. Second, how would they have known within minutes that I published a post? Would it be possible having such internal access that they might've have planted some code that would automatically notify them when a new pg. was created? Or can they do this w. software w/o needing internal access?
If someone can help me interpret what might be happening I'd be grateful. I have the pg. from my stat service which I'd like to share w. someone who can help me figure out more of what might be going on. Send me a PM & I'll share the stuff w. you & be very grateful for yr help.
Another tact...I use "honeypots" for this sort of situation. Add a link to the admin page you mentioned (where you think that user may have unauthorized access)...call the link "List of User Passwords" or something you may think would attract the hacker.
The link sends them to a page that automatically sends you an email with as much info as possible--their IP, cookie info, browser info etc.
But I'm even more concerned why this guy's visit would've shown my internal site page as his URL referral. How would he have even gotten there unless he had logged into my site? Wouldn't that have meant that he had to have been inside my site when he accessed the public blog page?
You could limit access to that area of your site via IP address (eg. Limit access to your known IP addresses)
I like superpower's idea for a honeypot. That would be another alternative to see if your assumption is correct.
