Post by: Arbok on August 23, 2007, 07:12:01 AM
Tuesday was more or less fine, with bandwidth staying at 1GB an hour. Wednesday flaired up again to 15GB an hour, and I had to further restrict access through the htaccess file. I got it down to 1GB an hour again. However, that night it rose to 3GB, while this morning it's now at 4GB an hour.
Sadly, the stats for the site also appear to be down. I wondered why this was, and attempted to view the log for the latest hour... to find out that the file was 1.12GB in size, which would probably explain that.
I tried to contact support about this, but their response was a combination of contacting our own web developer (doesn't help, as that's me) or doing a Google search...
At this stage, I simply have to ask if anyone could offer any advice to try and deal with this situation? I have already deleted the larger files off the site, while narrowing down the accepted domains to just the normal site and a subdomain, yet it continues. If anyone could help me with this ordeal, I would be very grateful. Thanks for your time.
Post by: Nick DiMola on August 23, 2007, 07:22:31 AM
Post by: Sir_Stabbalot on August 23, 2007, 07:24:37 AM
At the very worst, you could take the site down for a week and then bring it back up. Hopefully the ADD kids doing it will have forgotten.
Post by: Arbok on August 23, 2007, 07:32:05 AM
Quote
Originally posted by: Sir_Stabbalot
Would there be any way to disable hotlinking totally? Some sites seem to be able to do that.
That's what the htaccess file is for. At first I disabled all URLs from hotlinking that didn't turned up either no listing or a URL that was our site or its subdomain. When it flared up to 15GB again, I had to disable everything even for those that didn't report a source (which sucks, as some people naturally view the web this way, but I was against a wall and had to disable access for them as well). Sadly, the problem continues, and now I'm at a loss...
Post by: stevey on August 23, 2007, 12:58:27 PM
Post by: Arbok on August 23, 2007, 01:09:35 PM
Quote
Originally posted by: stevey
Try changing the names of the jpegs so it will break the links to them and/or change the jpegs themself to some else
Did that this afternoon, and success... as bandwidth dropped to .5GB an hour. It's a temporary fix, though, but at least something that can be done.
Post by: UncleBob on August 23, 2007, 05:11:36 PM
Post by: Arbok on August 23, 2007, 06:05:57 PM
Quote
Originally posted by: UncleBob
Can you do something like the script that Super has set up for the Funhouse banner where it'll pull images from elsewhere - it just pulls from the same directory, but I'm thinking from a different site totally - like, perhaps .jpgs from the site of the person "hacking" you or from the people you rent server space from who should, ideally, be helping you in a case like this?
I run something similar to that somewhere else on the site. Technically I could, although I would rather not enter a "eye for an eye" type of scenario where things would escalate forever. The htaccess file we have up does redirect the images when they are showing up as a obvious hotlinking source, and replaces them with this:
Luckily, as I mentioned above, bandwidth has been at a very reasonable .5GB an hour after the last changes, and I just hope it stays around there. *knocks on wood*
Post by: bustin98 on August 23, 2007, 06:08:31 PM
Post by: Arbok on August 23, 2007, 06:32:14 PM
Quote
Originally posted by: bustin98
Shouldn't the log files reveal the IPs of the offending machines? My server was getting hit by Chinese addresses so I denied access to the range of addresses. I am using IIS6 and my webstats program is SmarterStats, I am not sure if that info is provided in the same manner with Apache and whatever stats program you have.
Normally, yes... however, the stats are down due to the volume of requests they are pushing toward the site (an hour worth of activity = 1.12GB log). When they were up, it was clear that it wasn't going to be that easy as the history was showing a variety of IPs each that was taking up 200-400MB of data. A whois search on them turned up no connection either (proxied, I'd assume). They are certainly pro at this.
