Digital Ocean Inc. is spamming my website.

March 3, 2017 1.2k views
Apache

My Google Analytics shows 50+ visits per day to my website. Why are you guys running a bot to my website? It's messing up my analytics and I believe it's an attempt from someone to mess with my SEO / leech bandwidth. I have been forced to filter you from my analytics and ban all visitors from this service via htaccess...

I saw a post about someone else griping about the same thing from you guys....

WHAT IS THE DEAL? WHY WHO HOW.. I'D LIKE AN ANSWER.

1 comment
  • In the last week my GA is showing 248 sessions, 202 with new users, and an avg. session duration of .05, all from Digital Ocean. Stop it.

1 Answer

From a separate post from two years back:

ryanpq MOD April 7, 2015
If you are seeing visits where the ISP shows as DigitalOcean these are visits coming via another droplet in one of our data centers most likely. Several decent sized VPN services utilize our services so the most likely explanation is that you are getting visits from users using a public VPN service or someone running a crawler or bot on their droplet.

Post is here

  • It's important to note that some people are running legitimate VPNs on their Droplets and use them to access the internet, so these visits are most likely harmless.

    @zachnewberry — if you believe that these visits are malicious and are intentionally harming your website/analytics, please send an email to abuse@digitalocean.com with the relevant logs so that we can investigate.

    • I have forwarded proper logs.

    • Yeah "legitimate" my butt .. 221 visits in 7 days consistently from a state 300+ miles from our service radius. Harmless probably, but this still has NO business spamming my website. I want to see Digital Ocean resolve this. It's too hard to block considering the IP is consistently different... same location zone tho... same amount of time spent every visit. Same everything.

      • I report DO hackers all the time. However, it doesn't make sense they have different IP addresses. At least my droplet has a static IP. (Oh, and a good reason to behave yourself.)

        For a website, there is nothing wrong with blocking a VPS IP space entirely. If someone has a VPN on it, too bad for them. They can just drop their VPN. Note you go to bgp.he.net and block the entire IP space. AWS is a little different. You need to retrieve their IP space in JSON format. I haven't done Google in a while, but you get their hosting via an SPF record. But just about everyone else can be found on bgp.he.net or similar websites.

        My argument is there are no eyeballs in datacenters, VPS, etc. I don't block DO because as a customer, I can complain about the hacking. But AWS, Linode, etc. are all blocked. Not only from port 80, but all email ports other than 25. This greatly reduces the chatter in the server logs.

        I have geographical blocking on all email other than port 25. I stop about 20 hackers a day. Not significant, but these IPs don't need imap access.

        I maintain two ipfw tables. One for port 80 and all email other than 25. The other table doesn't include port 80. For example, the University of Michigan tries to log into my imap server times a day. Could be hackers...could be research...they never answer my emails. So I block the University of Michigan from my email but not the web server.
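
The two-table approach described in the last comment, as an added example that is not part of the original thread: it reads a provider range list in the layout of AWS's published `ip-ranges.json`, merges overlapping prefixes, and emits `ipfw table` commands plus the two deny rules. The table numbers, the mail port list and the sample prefixes (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's ip-ranges.json.
# The prefixes are documentation ranges, not real provider space.
SAMPLE = json.loads("""
{"prefixes": [
  {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "EC2"}
 ],
 "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8:1000::/36", "region": "us-east-1", "service": "EC2"}
 ]}
""")

# Assumed mail ports "other than 25": POP3, IMAP, SMTPS, submission, IMAPS, POP3S.
MAIL_PORTS = "110,143,465,587,993,995"


def provider_networks(doc):
    """Return the provider's networks with duplicates and nested prefixes merged."""
    v4 = [ipaddress.ip_network(p["ip_prefix"]) for p in doc.get("prefixes", [])]
    v6 = [ipaddress.ip_network(p["ipv6_prefix"])
          for p in doc.get("ipv6_prefixes", [])]
    # collapse_addresses() rejects mixed address families, so merge each separately.
    return (list(ipaddress.collapse_addresses(v4))
            + list(ipaddress.collapse_addresses(v6)))


def ipfw_table_commands(table, networks):
    """One 'ipfw table N add CIDR' command per merged network."""
    return [f"ipfw table {table} add {net}" for net in networks]


def ipfw_rules(web_and_mail_table=1, mail_only_table=2):
    """Deny rules: table 1 loses port 80 and mail, table 2 loses mail only."""
    return [
        f"ipfw add deny tcp from 'table({web_and_mail_table})' to me 80,{MAIL_PORTS}",
        f"ipfw add deny tcp from 'table({mail_only_table})' to me {MAIL_PORTS}",
    ]


if __name__ == "__main__":
    # Hosting provider space goes in table 1 (web + mail blocked).
    for line in ipfw_table_commands(1, provider_networks(SAMPLE)) + ipfw_rules():
        print(line)
```

Port 25 is left out of both rules so inbound mail delivery from those networks still works, matching what the comment describes.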
