Is it a kinkd of Session Attack? Please help, Thank you.

Max_76
Visitor
3 0 0

This morning I was shocked when I visit my shopify manage page. I saw 60+ live visitors and 2600+ sessions, Normally it's about 5 live visitors and 500 session total. All increased sessions are from Melbourne and duration time is only 1 sec. 

I think it's a kind of attack, Could you suggest? Thank you.

Max_76_0-1649117954123.png

 

Max_76_2-1649117994840.png

 

 

Replies 4 (4)

Shay
Shopify Staff
2968 460 609

Hi @Max_76 

 

Thank you for the screenshot of the traffic in your store and detailing your concern. I want to assure you that there is no security concerns that you need to be worried about with that kind of traffic.

 

I want to share some information with you about what an attack like this would be called and how to recognize one. It never hurts to be wary and the more information you have on the topic is always better!

 

The kind of attack that you would be concerned about when seeing a huge spike in traffic is called a DDOS attack or Distributed Denial of Service. Essentially it is designed to create a traffic jam in the store's server so that it cannot load or cannot load very fast. This disrupts legitimate traffic to the store and could lead to error messages or content not loading at all on the storefront.

 

Cloudflare has a great article detailing this: What is a DDOS attack? 

 

I recognize that for your online store that much traffic at one time is out of the ordinary. For one reason or another an online scraping tool has most likely targeted your store. This is nothing to be directly concerned about, it happens all the time. Keep in mind that your store's ability to handle traffic is not based on your average customer footprint, but on Shopify's average customer footprint. That number is very, very, high and if a store on our platform was targeted in that way then we would most likely see a group of stores experiencing a disruption. 

 

I hope this information helps! If you have questions about your store account security I encourage you to reach out to our live support or you can email security@shopify.com about any security concerns with the platform. 

Shay | Social Care @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

Shiv2021
Tourist
4 0 3

HI Shay, we are experiencing a similar attach specifically from two cities one in Ireland and one in Sweden. Ofcourse those could be VPNs used by the attackers or something of the sort. However on days when this happens our sales drop by about 40-50% from normal days. We also noticed our Shopify admin throttles essentially preventing us from loading pages. Site becomes slow as well, what are ways to prevent this? And do these kinds of attacks normally last long? They started happening last week and we experienced three days of attacks so far on and off. 

 

Victoria
Shopify Staff
2226 153 259

Hi, @Shiv2021.

 

Thank you for joining the thread!

 

It sounds like we'll need to take a closer look into your account to help troubleshoot and identify these issues. While we can't access this information via the Community Forum, you can create a support request via the Shopify Help Center.  

Victoria | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

mhml
Visitor
1 0 0

Sweden and Ireland attacks must be widespread. My store is experiencing the exact symptoms as @Shiv2021 with the Lulea Sweden and Clonee Ireland spiking around 8-9PM Central Time several nights in a row but also increasing as I've seen those visits a few months. I added a Country Blocker App but still the spikes occur affecting loading pages and Admin. Analytics give appearance of high sessions with low conversion rate and definitely affected my sales during those spikes.