1.22 Gb From One Host/ip ?

[surfdean]

In my Awstats, i found a particular host, ip24-251-175-189.ph.ph.cox.net who has sucked down 1.22 Gb of data in two days, Feb 22,23.

 

It was almost all images, as I have 1.5 Gb of jpgs of bandwidth used of 1.55 total gb for the month.

 

I only have less than 2MB of images on my site.

 

What was this person doing?

 

How can I stop this from happening in the future because it

1. screws up my stats

2. might push me over my bandwidth usage limit

 

I imagine it's hopeless to try to contact this person, but how might I try?

 

TIA

dean

[TCH-Tim]

Do you have hotlinking protection turned on?

[surfdean]

Do you have hotlinking protection turned on?

<{POST_SNAPBACK}>

 

 

Ummmm. huh? I just checked Cpanel and no I don't.

 

But. I don't understand how they could, for only 2 days, constantly beat my site's jpgs to transfer death and then stop.

 

Wouldn't the specific IP continue to pull my bandwidth over a longer period of time?

 

Before I gung-ho the hotlinking...

Are there disadvantages to turning on hotlinking?

It reads that it stops people from showing my pics from another site. Is there any way I can find out what site? Of course ip24-251-175-189.ph.ph.cox.net doesn't exist anymore..

 

dean

[stevevan]

Hopefully someone more technically knowledgable on this will respond, but it sounds like to me that someone downloaded all the pics that they wanted from your site and then moved on.

[surfdean]

Hopefully someone more technically knowledgable on this will respond, but it sounds like to me that someone downloaded all the pics that they wanted from your site and then moved on.

<{POST_SNAPBACK}>

 

That's the weird thing. I only have 2 MB of images.

 

did they download all of my images 800 times?

why might someone do that?

 

could they be infected by some worm/virus/troj/etc?

 

d

[TCH-Tim]

That's the weird thing. I only have 2 MB of images.

 

did they download all of my images 800 times?

why might someone do that?

 

could they be infected by some worm/virus/troj/etc?

 

d

Probably not hotlinking by the way. I just noticed you had posted the host IP. So it's probably some guy, not some website. Could have been hammering your site for whatever reason. Tough to tell sitting here. The support folks might do some logging that could help you out. If you're so inclined, you could also call Cox and let them know you suspect foul play and see what they can tell you.

 

By the way, nice site. Makes me miss the good 'ole days surfing in Hawaii.

[surfdean]

Probably not hotlinking by the way.  I just noticed you had posted the host IP.  So it's probably some guy, not some website.  Could have been hammering your site for whatever reason.  Tough to tell sitting here.  The support folks might do some logging that could help you out.  If you're so inclined, you could also call Cox and let them know you suspect foul play and see what they can tell you.

 

By the way, nice site.  Makes me miss the good 'ole days surfing in Hawaii.

<{POST_SNAPBACK}>

 

thanks for the tip... I'll wait to see if I get more TCH feedback on this. I would call Cox, but I'm in Costa Rica and the phone charges here are ridiculous.

 

thanks for the kudos... Actually the first thruster surfboard I owned was a garduque, and that alone intrigued me enough to check your site.... funny blog. (paraphrase) "teurettesguy grounds his son for not agreeing that the garbage disposal sounds like a wookie taking a sh^%."

 

LOL. haven't had a good snickerlaugh in a while...

 

d

[TCH-Tim]

LOL. haven't had a good snickerlaugh in a while...

Glad I could help. And I've regretted selling that surfboard since the day I did. Not that it would do me a lot of good out here in the desert, but still...

[stevevan]

That's the weird thing. I only have 2 MB of images.

 

did they download all of my images 800 times?

why might someone do that?

 

could they be infected by some worm/virus/troj/etc?

 

d

 

Who knows? There are some strange people out there! I'd second timhodge's recommendation to ask the TCH tech's to take a look if you're still concerned.

[djk]

Hopefully someone more technically knowledgable on this will respond, but it sounds like to me that someone downloaded all the pics that they wanted from your site and then moved on.

<{POST_SNAPBACK}>

 

That's the weird thing. I only have 2 MB of images.

 

did they download all of my images 800 times?

why might someone do that?

 

could they be infected by some worm/virus/troj/etc?

 

d

<{POST_SNAPBACK}>

 

there are specific programs, I think they used to be called trawlers or spiders that can be configured to scan the net and download sites containing keywords or images. My quess is that it was a misconfigured program that repeatedly either downloaded your whole site or just the images on the site. It's a way to go "shopping" for images. I think google and yahoo use similar programs to index sites.

[annie]

Some bots get caught in loops, infinite or otherwise.

 

I'd block the IP number in .htaccess and not worry anymore about it.

 

Well, I'd probably have a look in the logs first, to see exactly what was goin on.

[surfdean]

Some bots get caught in loops, infinite or otherwise.

 

I'd block the IP number in .htaccess and not worry anymore about it.

 

Well, I'd probably have a look in the logs first, to see exactly what was goin on.

<{POST_SNAPBACK}>

 

 

Apparently some HTML coders get caught in infinite loops too... I have a slideshow on my index page that keeps on rotating through over and over and over and over and over and over... you get the picture... over and over again.

 

Seems like this person just had my page up and either left their computer on or perhaps had a *crash that left a connection open to that page. At any rate, it's my own fault for not having a max number of loops for the slideshow...

 

I shoulda checked the logs earlier... I'm just glad i didn't take any action against them.

 

dean

[ThumpAZ]

I would bet that the person is/was running some sort of website on their Cox account and using your images for their pages. However, instead of downloading them, then uploading them to their own server, they are linking to them from your domain. aka leeching.

It is a similar thing to hotlinking and can be protected against with the same methods.

 

EDIT: I did a little checking, and this person is running cable internet. With that type of bandwidth usage on your site, I would also imagine that this person was experiencing extremely high usage on their account and Cox shut them down for running a website on their account (not allowed).

 

Not much you can do about this particular person now, since the IP address is no longer responding.

[surfdean]

I would bet that the person is/was running some sort of website on their Cox account and using your images for their pages.  However, instead of downloading them, then uploading them to their own server, they are linking to them from your domain. aka leeching.

It is a similar thing to hotlinking and can be protected against with the same methods.

 

EDIT: I did a little checking, and this person is running cable internet.  With that type of bandwidth usage on your site, I would also imagine that this person was experiencing extremely high usage on their account and Cox shut them down for running a website on their account (not allowed).

 

Not much you can do about this particular person now, since the IP address is no longer responding.

<{POST_SNAPBACK}>

 

Okay. I've realized that this WAS entirely my own fault, as my slideshow (of three whopping images) was repeated from this IP ad nauseum. I have since modified the javascript code for the slideshow to allow for a new variable for maxloops. This way, I can have visitors only loop through the slides 10 or 15 times before the show stops.

 

I'm not really worried about this person. Now I think it was someone without bad intentions.

 

It sounds like I might want to turn on Hotlinking anyway, although I hesitate to stop people from doing something that they are not doing yet. Perhaps after I get the gallery uploaded...

 

Thanks for all your help!!!!

 

dean

[djk]

Okay. I've realized that this WAS entirely my own fault, as my slideshow (of three whopping images) was repeated from this IP ad nauseum. I have since modified the javascript code for the slideshow to allow for a new variable for maxloops. This way, I can have visitors only loop through the slides 10 or 15 times before the show stops.

 

I'm not really worried about this person. Now I think it was someone without bad intentions.

 

It sounds like I might want to turn on Hotlinking anyway, although I hesitate to stop people from doing something that they are not doing yet. Perhaps after I get the gallery uploaded...

 

Thanks for all your help!!!!

 

dean

<{POST_SNAPBACK}>

 

dean,

hotlinking protection is a good idea. over time people will find your images and some of them will try to use them by direct link to the image file. allowing only authorized domains this type of access is a good way to save bandwidth not to mention protecting your property.

[surfdean]

dean,

hotlinking protection is a good idea. over time people will find your images and some of them will try to use them by direct link to the image file. allowing only authorized domains this type of access is a good way to save bandwidth not to mention protecting your property.

<{POST_SNAPBACK}>

 

Even if I do hotlink protection, which I'll turn on in a moment, what's to stop somebody from downloading the image to their machine/server and using it anyway?

 

dean

[TCH-Tim]

Even if I do hotlink protection, which I'll turn on in a moment, what's to stop somebody from downloading the image to their machine/server and using it anyway?

It just keeps them from stealing your bandwidth, not the images themselves.

[surfdean]

Even if I do hotlink protection, which I'll turn on in a moment, what's to stop somebody from downloading the image to their machine/server and using it anyway?

It just keeps them from stealing your bandwidth, not the images themselves.

<{POST_SNAPBACK}>

 

OK. That's good.

 

Thanks for all the help everyone!

dean

[djk]

dean,

hotlinking protection is a good idea. over time people will find your images and some of them will try to use them by direct link to the image file. allowing only authorized domains this type of access is a good way to save bandwidth not to mention protecting your property.

<{POST_SNAPBACK}>

 

Even if I do hotlink protection, which I'll turn on in a moment, what's to stop somebody from downloading the image to their machine/server and using it anyway?

 

dean

<{POST_SNAPBACK}>

 

my coding is rusty, but there is a way to disable right clicks for a given page, i.e., the page your image is on. without the right click, a person can not "save image as.."

which does give you some more protection. people will always be able to "grab" the image via a screen grabber (like hyperSnap). So, if your FTP is set up right, and right click disabled, no one can "download" your images. they can use a screen grabber off of the local machines screen.

[TCH-BillH]

Just as an FYI ...

 

Most (maybe all) browsers use something called "cache" ... images, html, javascript, flash .... are all saved on their computer for future access if needed to bring the pages up more quickly.

 

So even though you may disable the right-click, your images are stored on the hard drive of most visitors to your website.

 

[surfdean]

Just as an FYI ...

 

Most (maybe all) browsers use something called "cache" ... images, html, javascript, flash .... are all saved on their computer for future access if needed to bring the pages up more quickly.

 

So even though you may disable the right-click, your images are stored on the hard drive of most visitors to your website.

 

<{POST_SNAPBACK}>

 

I guess then my best protection is to just have low res (i.e. 72dpi) images on the site that are not very large...

 

Ni modo,

dean

[TCH-Bruce]

I guess then my best protection is to just have low res (i.e. 72dpi) images on the site that are not very large...

Yes and watermarking your images isn't a bad idea either.