Given that I haven’t really launched or gained any real users thus far, it seems to me my online visitors should only be:
Potential clients I’ve been pitching in the Northeast US and my personal contacts in the area
Bubble users, perhaps
YC classmates
However, in my Mixpanel live view I see that I have visitors from all over the world (Many of these came before I started YC. YC classmates can also just visit via a link in my YC profile, so I’d see their referring domain). The number of visits I’m getting from non-US locations seems odd. I’m having trouble understanding how and why they would find/browse my site.
I also saw that someone went inside the development side of my app and created a user. The person entered an NYC address. They have not responded to an email I sent to them. Any suggestions for how I can get to the bottom of this added user? Best case scenario it’s a bubble user from a short time period when I opened the editor up, but I worry it’s not.
My site is using SSL. What else can I do to bolster security? Or am I overreacting?
It’s likely a bubble user or someone you know. I know I go to random bubble websites that I find and sometimes create accounts. Just to experience their web flow.
The random worldwide traffic is a pretty common occurance on the web. I don’t know the reasoning, but generally they just send to come and leave immediately.
Just make sure you have strong passwords and none of your data is exposed improperly in the privacy tab. Also only give access to people who you know you can trust.
Thanks so much for your response. This makes me feel a little better. The coming-and-going-quickly is the exact pattern I’m seeing from non-US users.
Right now my app is set to “private app.” Is this even more secure than the password version? I thought when I set a password this way once, even public users couldn’t access the live side of the site.
When you say “non of your data is exposed improperly in the privacy tab”, is there anything I can improve in particular? I created an iframe “widget” for clients’ websites, so unfortunately I have to expose iframes.
These are crawlers, bots, scanners, etc. Automated stuff, not actual people insanely typing random links. If we had infinite monkeys typing out URLs in a browser, how long would it take for them to visit your app?
Do both. I believe the Application rights applies to the app editor. The password side applies to the front end. (What users see). You can choose to apply the password to just the development version.
For the privacy, I also meant under the data portion of your app. You can define rules and make sure certain data is only available/editable to certain people. You wouldn’t want another user to be able to edit a users data generally.
