Search Engine Guide
Search The Internet: 

Orbidex provides two additional ways to stay current on search engine optimization techniques, trends, and other vital information:

Subscribe to have these articles delivered directly to you each week via email.

In addition to receiving the weekly articles, be sure to sign up for Orbidex's monthly newsletter.

Search Engine Optimization

Article provided by:
© 2001 Orbidex.

Back To Article Index

Tell Your Friends About This Site

Code Red's Affect on SEO and Site Reports
By Eric Lander - August 14, 2001

In the past few weeks, an exploit affecting web servers running Microsoft NT has caused some Internet traffic speeds to slow to a crawl, and has even crashed some web servers. The first onslaught of the Code Red Worm also had the ability to deface homepages all the world over.

But, with many of us constantly analyzing our traffic flows, site referrers, and beyond, it is important to understand how this worm worked, and just how easily it can still be deceiving us all.

The Code Red Worm, described in more detail at quite simply is a small infectious piece of coding, attempting to spread and infest itself upon servers with IP addresses closest to its new host machine. And, while this may seem like nothing at all, consider how our own website and been affected from the eyes of our site marketing professionals…

Without any major or radical changes in link popularity campaigns, without any new submissions, advertisements, or email distributions, TSL saw this:

• A 400% increase in daily visitor sessions
• Over 25 newly identified TOP 10 traffic referrers - in one week
• An increase of over 2000% of overall site hits

Now… While at first glance it seems like the holy grail of traffic, anyone with an in depth knowledge of how things realistically work - we knew something had to be wrong.

Immediately after our SEO team analyzed the stats, in this case provided by Webtrends, we knew something was up. In the same office of our organization's headquarters, our security experts were hard at work notifying our business partners of the technically challenging aspects that they may be faced with, courtesy of Code Red.

When these two groups began talking about the week's oddities at large, we realized there could very well be a connection - and we immediately began comparing notes. Thanks in large part to Seyha Phul, the server administrator at Orbidex, we were able to fully understand the nature of the beast that is Code Red, and learned how to avoid the false reporting within site statistics.

First and foremost, anyone looking into their website's statistics will need to know what, and how to filter certain requests out. Because every statistic-reporting software package works differently, you need to know what to look for. WebTrends made our jobs very easy given the software's interface and ability to simply filter out all requests for a particular file type.

The file types you need to remove from your reports will contain one of two things. Either a request for a file called "default.ida" or "cmd.exe". The Code Red exploit needs access to both of these files, in existence somewhere on an NT-based server to continue it's spread onto other servers. By removing these requests from our site log analysis - the normal trends of traffic were restored.

Again, I bring this up for the fact to be known. Individuals who are analyzing their sites' reports and are unaware of the Code Red Worm and what it has done NEED to understand this and find a way to fix their reporting processes. As the Code Red Worm continues to propagate itself and infect servers on a continuing basis, site reports will continue to be grossly exaggerated. The best recommendation I can give is to contact your site's software analysis creator directly, asking them how to properly remove such requests. When it comes down to it, it's better to know the truth about your site, and protect it from further issues.