One question. Are the dashboard logs derived from the web server logs or directly from the nodebb code? I assume directly.
Well, I wasn't posting looking for technical information but now you have me curious :).
Looking at the logs, they strongly suggest automated bot activity. Hits from Googlebot and other search crawlers WordPress vulnerability scanners Automated scanning tools like ZGrab
Are these triggering login attempts either by mistake or as part of their crawling process? Googlebot, for example, accesses various URLs, including login pages, and might cause login events.
Many of the requests are targeting /wp-admin/setup-config.php, /wordpress/wp-admin/setup-config.php, /xmlrpc.php, /wlwmanifest.xml, and similar WordPress-related URLs.
Since it's not a WP site, are these requests resulting in redirects or 301 responses, but getting counted in access logs that result in the dashboard stats?
Yes but aren't those usually script kiddies? The number of unique visitors is only 202 while the login attempts are nearly 15K for yesterday alone.
No problems with nodebb, just an observation of so many people wasting their lives trying to hack others. Some having the potential to be highly skilled and well paid folks but instead spend their time trying to hurt others.
I put a site online just to test a few things. It's not advertised or mentioned anywhere yet but look at the stats. Lots of hits from bots, most presumably looking for Wordpress sites. I just thought it was interesting and wanted to share.
I ended up rebuilding as there seem to be too many goofy things going on. Now it seems fine so have no idea what went wrong. It is acting normal now.
One odd thing is that I'm using postgres with my install and it seems to be legacy based. I've been using mysql for many years and the default mongo db with nodebb so it's the first time I'm using postgres.
Jeez I feel stupid for posting this. Of course, I forgot to rebuild that time.
Thanks for your help.
Single at the moment but with plans to go multiple if traffic warrants it. I'll do some debugging as suggested and report back.
it's not public yet no.
The Post Exists but Isn't Loading in the UI. To test, I refresh the post in my browser and it goes 410. When I add api into the url, I see the post but it's all code. A refresh does not get the 410.
Yup, it is internal.
I found this for anyone that comes across this. https://community.nodebb.org/topic/12493/nodebb-plugin-prometheus-prometheus-monitoring-for-nodebb