|
View previous topic
::
View next topic
|
| Author |
Message |
etcetera
Joined:
24 Aug 2004
Posts:
97
Location:
Down by the sea in NC
|
Posted: Tue Feb 08, 2005 2:07 pm
Post subject: Help! How do I ban a user?
|
 |
|
I am out of my league here. I have a innocuous Martell type site that I put up last fall that is not getting much traffic yet. For example, the bandwidth used for all of January was 21.65 MB. I logged in today to view my stats and so far this month 58 visitors have used 1.27 GB in bandwidth. I checked the IP address of the culprit and it leads back to a host in NJ.
Okay, help! What is going on? It is not a bot so what is it and why? How do I ban it?
Could someone please tell me what it is and how to get rid of it? I'd sure appreciate any suggestions.
Gail
_________________
Need ideas for writing great content?
How about ideas for getting web content fast?
Affiliate Marketer's Handbook |
|
| Back to top |
  |
 |
etcetera
Joined:
24 Aug 2004
Posts:
97
Location:
Down by the sea in NC
|
Posted: Tue Feb 08, 2005 6:43 pm
Post subject:
|
|
|
Okay, I have a lot more information that I will post here in the hopes that it might help someone.
The gist of it is this, because I keep an eye on my stats, I saw that beginning three days ago (not a close enough eye apparently) my site started to receive massive amounts of traffic. I found in my logs the abusing IP address and contacted both that host and my own. What I ended up doing was adding a Deny from *IP#* (where *IP#* is just the number and nothing else) to my .htaccess file.
Apparently this type of attack is called "referrer spam" but I don't as yet completely understand what it is and why someone would do it. I'm working on figuring that part out...if someone knows and would illuminate me, I'd appreciate it.
The tech at my host said it's "when someone posts my site's URL to /. (slashdot) and causes massive traffic."
Okay, anybody know what that means?
Gail
(feeling especially dense and pretty stressed-out today)
_________________
Need ideas for writing great content?
How about ideas for getting web content fast?
Affiliate Marketer's Handbook |
|
| Back to top |
|
|
robertb
Joined:
09 Aug 2003
Posts:
1837
Location:
Columbus, OH
|
Posted: Tue Feb 08, 2005 7:37 pm
Post subject:
|
|
|
| etcetera wrote: |
Apparently this type of attack is called "referrer spam" but I don't as yet completely understand what it is and why someone would do it. I'm working on figuring that part out...if someone knows and would illuminate me, I'd appreciate it. |
Some sites have automatic scripts that browse the log files and create a page of which websites have referred the most traffic to them. My guess is these people SPAM many websites like this, hoping to find a couple that automatically create referrer pages.
_________________
Robert
Instant Site Comments - Allow Visitors to Comment On Your Content!
EbookNiches.com - 4 PLR Ebook Packages Each Month
Learn About DropShipping |
|
| Back to top |
 |
|
etcetera
Joined:
24 Aug 2004
Posts:
97
Location:
Down by the sea in NC
|
Posted: Wed Feb 09, 2005 1:19 am
Post subject:
|
|
|
anyone know anything about DDoS attacks? Apparently, that is what I've got. Gee, fun. The .htaccess didn't stop it and neither did a disallow on the robots.txt. I"ve got a trouble ticket into the offending ISP and they've got my raw logs. From what I've been told, if they dont' "take down the box" I may have to just trash the domain.
Has anyone else had anything like this happen? It's not like I'm Amazon.com or Chase Manhattan.
Gail
_________________
Need ideas for writing great content?
How about ideas for getting web content fast?
Affiliate Marketer's Handbook |
|
| Back to top |
|
|
Good_Newz
Joined:
08 Feb 2005
Posts:
5
|
Posted: Wed Feb 09, 2005 2:49 pm
Post subject:
|
|
|
I would suggest switching your host. Because if it is indeed a DDoS (Distributed Denial of Service) attack then it should be your host responsibilty to prevent this from happening. If they are unable to assist you with this problem then they are lacking. These attacks are at the network level and need to be prevented at the network level. First be sure that this is a DDoS attack, because if it is then others who share your host network or server should be affected as well. When you browse your site (normally) does the performance and navigation seem up to par or is it dragging and sluggish?
My guess is that is not a DDoS attack because your host did not help with the problem and second a DDoS is usually an attack from several machines lead by one or more intruders. But this is just my assumption, investigating it more should give you a clear answer and hopefully a solution.
I'm not sure of your hosting provider situation but the best way to get rid of this problem is by setting up the firewall to block all ports and open ports as needed, but this may not be a solution for the hosting provider, depending how large the network is and how valuable their uptime is. As well this can leave your site down and unoperable for more than a day. If the hosting provider is a larger provider then they may have several networks across the nation or globe and will be able to temporarily point you to another network. Just get confirmation from your host that it is DDoS, have them check their logs.
I hope this helps!
Some reading on DDoS:
http://www.computerworld.com/securitytopics/security/story/0,10801,89932,00.html
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci557336,00.html
_________________
My Favorite Sites:
http://www.rooket.com
http://www.ifoundgeorge.com |
|
| Back to top |
|
|
etcetera
Joined:
24 Aug 2004
Posts:
97
Location:
Down by the sea in NC
|
Posted: Wed Feb 09, 2005 3:14 pm
Post subject:
|
|
|
GoodNewz,
Thanks very much for that informative post. I have some more information (though not nearly enough in my opinion) but enough to make some decisions in my case.
Firstly, there is only one page that was affected, a blogger blog that I had hosted on my main site instead of on blogspot. So the url was http: www.mydomain/blog_page.htm. I have taken the blog and moved it back to blogger so now the offender is getting a 404. That has taken the load off my bandwidth and it's no longer racking it up. My site does not seem sluggish at all and otherwise appears completely unaffected.
From my research, I had come to the conclusion that it is a security issue with my hosting service. This site and one other were on a very inexpensive, small hosting company. Today, I am going to get an account with a larger, more secure company and move the other site but leave the "attacked" site where it is until I understand what is going on (and also so as not to possibly corrupt the new server). As I said, it seems not to be affected in any other way. Luckily, the targetted page was a relatively obscure one and not the home page itself, otherwise I would have had to take the whole site down.
And, that is what I really don't understand. This attack seems so targetted and strange that it doesn't seem to fit into the pattern of a DDoS or the referrer spam (at least from what I've been able to ascertain).
And my host seems really unconcerned! I opened a trouble ticket with the company hosting the IP address of the offender and haven't heard back from them either!
Weirdness of life on the Internet.
Gail
_________________
Need ideas for writing great content?
How about ideas for getting web content fast?
Affiliate Marketer's Handbook |
|
| Back to top |
|
|
AllanGardyne
Site Admin
Joined:
02 Jul 2003
Posts:
6302
Location:
by the beach, Australia
|
Posted: Wed Feb 09, 2005 8:32 pm
Post subject:
|
|
|
| etcetera wrote: | The tech at my host said it's "when someone posts my site's URL to /. (slashdot) and causes massive traffic."
Okay, anybody know what that means? |
Slashdot - http://slashdot.org/ - is a very popular forum with a PageRank of 9 and masses of traffic.
Sometimes a website can be mentioned on Slashdot and because of the publicity receive enormous traffic. Hence the expression, "I've been slashdotted."
The word "slashdotted" appears on 95,800 pages, according to Google.
Did you say something particularly interesting or outrageous on that page?
Is it possible that your web host's techie is correct?
_________________
Allan Gardyne
AssociatePrograms.com - You're here. Explore it! |
|
| Back to top |
|
|
| View previous topic :: View next topic |
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Private Messages
Log in
