I knew bots were hitting one of my smaller sites, but I didn’t expect this level of activity.
I ended up building a small tool called BlockABot (blockabot.com) to help track what was actually going on.
Checked the logs this morning and over the last 24 hours:
217 requests
422 unique IPs
286 of them were brand new
What they were doing
Most of it wasn’t random.
WordPress-related paths → 95 hits
General scanning → 100+ hits
Smaller amounts of:
.env probes
admin panel scans
PHP endpoint checks
What stood out
There were clear bursts of activity:
Around 11PM → ~49 unique IPs in one hour
Around 11AM → over 100 unique IPs in one hour
That doesn’t look like normal traffic.
It looks more like coordinated scanning.
Why I built this
I originally ran into this trying to figure out weird traffic patterns on a small site.
So I put together something simple to:
log requests
detect common scan paths
track repeat IPs
build a shared list of known bad actors
Basically trying to answer:
is this traffic actually human?
What I’ve noticed so far
A lot of traffic is automated, even on small sites
Bots tend to hit in waves, not randomly
The same IPs show up repeatedly
WordPress endpoints get hit constantly (even if you’re not using WordPress)
One interesting stat
Out of the 422 IPs:
286 were new
136 had been seen before
If you think this might help you, or if you have some ideas to add ott it let me know.
Top comments (0)