Users Online Count Explosion!
We are seeing 1000s of anon sessions for a single IP address: http://whatismyipaddress.com/ip/178.34.160.200 . Most usersonline rows are blank, but it appears it is someone in Russia (or proxying through a Russian IP) searching through our TKBs and Forums. He might also be someone looking for vulnerabilities in the search form. A few URLs resemble:
.../t5/forums/searchpage/tab/tkb_<
These get inserted into some hidden form fields without escaping the characters.
<input value="SearchPage:tab/tkb_<:searchauthorfilter.form:" name="liaFormContentKey" type="hidden">
http://community.ubnt.com/t5/forums/usersonlinepage/show-anon/true/show-dup-users/true
Is there anything that we can/should do to de-dupe the anon sessions? Or, is there anything we can do to get a more accurate metric for users online? I don't really want to ban the IP address because it would not be hard for someone to open a new proxy and resume where they left off.
FaisalK, not sure if this is a security concern, but figured I would let you know. Ubnt has a HackerOne account set up, so we will notify you if anything gets submitted.
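One way to de-duplicate the anonymous sessions asked about above, as an added example that is not part of the original post and not the forum platform's own code. The row layout, the 15-minute window, the threshold of 50 and the sample data (documentation-range IP addresses) are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

NOW = datetime(2015, 1, 1, 12, 0, 0)  # constructed reference time


def build_sample():
    """Constructed rows: (session_id, user_id or None if anonymous, ip, last_seen)."""
    rows = [
        ("s-u1", "alice", "198.51.100.7", NOW - timedelta(minutes=2)),
        ("s-u2", "alice", "198.51.100.7", NOW - timedelta(minutes=1)),  # second tab
        ("s-u3", "bob", "198.51.100.9", NOW - timedelta(minutes=5)),
        ("s-a1", None, "192.0.2.44", NOW - timedelta(minutes=3)),
        ("s-old", None, "192.0.2.45", NOW - timedelta(minutes=45)),  # stale
    ]
    # Assumed cause of the explosion: one client that never sends its session
    # cookie back, so every request it makes opens a fresh anonymous session.
    rows += [(f"s-c{i}", None, "203.0.113.200", NOW - timedelta(seconds=i % 600))
             for i in range(1000)]
    return rows


def users_online(rows, now, window=timedelta(minutes=15), noisy_threshold=50):
    """Count registered users by user id and anonymous visitors by IP address,
    and report IPs that hold an unusual number of anonymous sessions."""
    registered = set()
    anon_per_ip = Counter()
    raw = 0
    for _sid, user_id, ip, last_seen in rows:
        if now - last_seen > window:
            continue  # session no longer counts as online
        raw += 1
        if user_id is not None:
            registered.add(user_id)
        else:
            anon_per_ip[ip] += 1
    noisy = {ip: n for ip, n in anon_per_ip.items() if n >= noisy_threshold}
    return {
        "raw_sessions": raw,                  # what the inflated counter shows
        "registered": len(registered),
        "anonymous": len(anon_per_ip),        # one visitor per distinct IP
        "deduped_total": len(registered) + len(anon_per_ip),
        "noisy_ips": noisy,                   # candidates for rate limiting or review
    }


if __name__ == "__main__":
    print(users_online(build_sample(), NOW))
```

Collapsing by IP undercounts real visitors who share one address behind NAT or a proxy, so the `noisy_ips` list is worth reviewing alongside the de-duplicated total.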