User Profile Views - Extremely High Lately


(Bcguy) #1

I’m getting a crazy high number of User Profile Views lately - and I’m wondering what it means. It used to be down in the low hundreds - but the past few weeks its been up around 10,000 per day. It seems like someone is hitting them way too hard - is there any easy way to see who it is, or block them?


(Jeff Atwood) #2

Hmm, did anything change in that code path recently @sam?

I don’t see any anomalous stats here on meta:


(Erlend Sogge Heggen) #3

We have at least two other recorded cases of this happening:


(Bcguy) #4

Here is my “trend line” the past few months on User Profile Views:


(Sam Saffron) #5

@tgxworld we should cross correlate with kibana to see if this looks legit, in particular confirm we can count it all and that we are not counting user card expands


(Bcguy) #6

Any updates on this?


(Alan Tan) #7

Fixed in

Only forums that are using @DiscourseMetrics.com are affected by this bug.


User Profile Views - dramatic increase in count
Noticing a strange pattern. How high are profile views on your community?
(Bcguy) #8

Great. Please Let us know when its been phased into the code for the discourse-hosted sites.

Thanks.


(Andrew Waugh) #9

Is there any chance that this is again an issue? I just noticed this:

My initial thought was “Probably the Who’s online plugin”, but when I view the graph the numbers were high before we installed that plugin.

Is there a way to confirm that the stats are accurate?


(Jeff Atwood) #10

No repro on my sites, including this one. So something about your site. Are you using the discoursemetrics plugin, as stated above?


(Andrew Waugh) #11

I just filled in the form at www.discoursemetrics.com/


(DiscourseMetrics.com) #12

He’s not using our service (yet), so no :slight_smile:


(Mittineague) #13

My first thought was “bot crawls”.
If you look at your dashboard stats for Traffic are the numbers for logged in, anon, and crawler similarly disproportionate?
Do you have a lot of accounts under Users - Suspect?


(Andrew Waugh) #14

Roughly 500 active users, rarely more than 50 at a time.
6 Suspect users:

We’re also seeing about 50 account registration/day on our wordpress site, but they’re spread out irregularly over time, mostly msn, gmail and yoohoo accounts.

Script kiddies?


(Mittineague) #15

It looks as if the high profile views are coming from anywhere it would be the anon users. I can get that some would be interested in checking out Profiles, but for numbers like you’re seeing l can’t help but think it would need to be script doing it.

My interest has been sparked, I’ll do some digging ASAP to see if there’s any way to get more data.


(Andrew Waugh) #16

I agree about the script driven. Even if we had a huge number of users with ADHD who couldn’t be bothered to login and were just looking at the site to see if something has happened we wouldn’t be getting those kinds of numbers.


(Rafael dos Santos Silva) #17

You can grep trough the logs and look for patterns:

grep 'GET /users/' /var/discourse/shared/standalone/log/var-log/nginx/access.log | cut -d " " -f 3 | sort | uniq -c | sort -n | head -n 20

This should show if the source of those requests are all the same.


(Andrew Waugh) #18

I’m just trying to get someone who has SSH access to look at it.

Would the /staff/nginx logs be of any use in the meantime?


(Alan Tan) #19

There is a table that stores all these information :slight_smile:

In data explorer, you can run the following query to see which users are getting the most profile views:

SELECT 
  user_profile_views.user_profile_id AS user_id, 
  COUNT(user_profile_views.user_profile_id) 
FROM user_profile_views
GROUP BY user_profile_views.user_profile_id
ORDER BY COUNT(user_profile_views.user_profile_id) DESC

Another query that might be helpful is to see which IP address is generating the most views:

SELECT
  user_profile_views.ip_address,
  COUNT(user_profile_views.ip_address)
FROM user_profile_views
GROUP BY user_profile_views.ip_address
ORDER BY COUNT(user_profile_views.ip_address) DESC

(Gunnar Helliesen) #20

I work with Andrew Waugh on the same Discourse site. I finally had some time to start digging into this, and soon discovered that a whole bunch of the requests came from one IP, 104.236.201.204, and that they all included our API key.

That IP belongs to Digital Ocean, and since the requests included our API key, I’m assuming this is coming from Discourse Metrics. We’ve turned Metrics off now, but here’s a redacted sample from our “outer” nginx log:

104.236.201.204 - - [31/Mar/2017:19:00:22 +0000] "GET /users/SomeUser.json?api_key=sekrit&api_username=system HTTP/1.1" 200 1343 "-" "Ruby"

We’ll see in a day or two if this makes our user profile views go down by a significant amount.

Gunnar