In November the Deflect network served pages to many legitimate visitors interested in breaking news reported by deflected websites, and mitigated automatically some intense attacks.
During the month, Deflect served 585 million pages to 9.8 million visitors, with a slight increase of unique IPs as compared to our October statistics, suggesting a rise in the number of our legitimate visitors despite the decrease in the total number of requested resources. This is also reflected by the statistics on banned bots, which dropped from 50,323 in October to 38,740 in November.
Daily hits on the Deflect network, by country: in November, visitors of websites protected by Deflect originated from Ukraine, the USA and Turkey, closely followed by Russia, which became the second country of origin of requests on the 22 November.
Bandwidth usage by country of requesting IP: as in previous months, Ukraine and the USA are the first two countries requesting resources from deflected websites, followed by Turkey and Russia, which rises to the second position on the 22 November.
November statistics on unique visitors of websites protected by Deflect are topped by Turkey, Ukraine and the United States. On the 22 November the Russian Federation topped the statistics rising to the first position.
As in August, the peak in legitimate requests we recorded last month was linked to news from Uzbekistan, which also explains why we can clearly see a higher number of hits from a country where the internet, and most of the websites protected by Deflect, are censored for common citizens (but probably not for members of government and connected people).
Beyond the number of unique visitors and requests, here are two pie charts describing Deflect’s cache response and our visitors’ operating systems.
In November, nearly 80% of the pages we served were cached in the Deflect edges. We had to get a copy from origin web servers for less than 20% of the requests we received.
The pie chart on operating systems used by visitors of deflected websites in November shows that the trend we observed last month is unchanged: with Android at 37.03, iOS at 8.7% and Windows at 39.29%, mobile devices (45.73% total) are apparently being used as much as, if not more than PCs (43.38%) to browse sites protected by Deflect.
November attacks
In November Deflect mitigated automatically all DDoS incidents targeting our network, including one major attempt on the 15th November that didn’t last long, possibly because it was being blocked by our edges.
Bots used in these attacks originated mostly from the US, Germany and the Russian Federation. One detail sets apart last month’s statistics from what we observed in the previous months — WordPress doesn’t appear among the most used user agents in botnets, which suggests a change in attack methods.
November stats on the countries of origin of bots are mostly unchanged in comparison to previous months. A singular detail is the “Anonymous Proxy” that can be spotted in the list of countries.
During the short but intense attack Deflect mitigated on the 15th November, what triggered the bans were mostly a user agent string that is known to be used in botnets and a high number of GET requests sent to the root directory of the targeted website.
User agents used by banned bots in November: WordPress is not one of the most frequent user agents in DDoS attacks, where we observe a prevalence of browser user agent names.
