A few months ago, I was helping to manage a New Orleans community website, c3nola.org . Since Katrina, the site has been unused and nobody has been maintaining it. Yesterday, I received an email from the woman who purchased the site saying that she received an email saying her bandwidth had almost reached its limit. At first I had thought this was just a hoax, but (after I finally remembered the password!) i checked the site and the bandwidth use on the site in the last month claims to 9.45 GB! This seems incredible and I can't imagine why anyone would be using that much. The site does have drupal installed on it, perhaps someone is using an exploit? From the site stats, it looks like whoever is sucking up all the bandwidth is changing their browser and IP address fairly regularly (I assume a script could do this.) A sample of the raw stats looks like:
85.178.109.233 - - [25/Apr/2006:14:26:34 -0400] "GET /?PHPSESSID=1afc4d03ada0e78cf273d339c057cdbf HTTP/1.0" 200 38174 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
85.178.109.233 - - [25/Apr/2006:14:26:36 -0400] "POST /trackback/4 HTTP/1.0" 302 0 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
85.178.109.233 - - [25/Apr/2006:14:26:42 -0400] "GET /?PHPSESSID=2df1ef4bf0356ffa8e75e4b5c780d645 HTTP/1.0" 200 38174 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
85.178.109.233 - - [25/Apr/2006:14:26:45 -0400] "POST /trackback/52 HTTP/1.0" 200 79 "-" "Mozilla/5.0
I have about 62000 lines of this, if it would help someone figure out what is going on. Has anyone heard of anything like this? Can TCH do something about this wasted bandwidth?
Brian Walters