Jump to content

Recommended Posts

Posted

Hi,

 

I’m hoping to get some insight and some help. I have someone “getting” my images from a slide show on my site. It has been looping with a 200 code for 10 different images, one every 3 seconds. It’s been going for a day now and it’s obviously eating up my bandwidth. I’m fairly certain they have stolen my javascript for the slide show and are accessing my images from their site since there’s no caching of the images.

 

Unfortunately, the referring field just shows the “-“ symbol on the “latest visitors.” I have their ip address, but I’m not sure how useful that is on its own. I’ve tried hotlink protection, which then pulled up 403’s, but it messed up some other things, so no more of that. I have also renamed the images so it pulls up 404’s.

 

Right now, I have new jpg’s saying they have stolen my images. So far, no luck in getting them to stop so I may have to go back to the 404 errors. If they pull up hundreds of 404’s does that use bandwidth as well? I’m also concerned that it’s messing up my statistics and my logs.

 

Thanks for the help! I know you guys don’t want them eating up my bandwidth any more than I do!

Posted
You need to enable hotlinking protection it will stop them dead!

 

http://www.cpanel.net/docs/cp/hotLinkPreventor.htm

not to contridict you, but he said he tried that and it messed some other things up.

 

Only thing I can think of to try to stop them is try to track them down as I mentions above, or rename the images, and take the page you have the slide show on and make it open in a new window without the menu bar, and stick a little piece of jscript in there to disable right clicking so they cant see the new filenames. thats not perfect as they can still right click the link to the page and do save as and get the source for the page to get the filenames, but its an idea....

Posted

Submit a help desk ticket.

 

This is what hotlinking protection is for. Either you didnt set it up right or something went wrong, but it works ;)

Posted

Thanks all for your replies. I always really appreciate the help in this forum. I retried the hotlink protection and I'll be darned if it don't work! I can't upload to my site but I just disable it and then re-enable it afterward. Fine by me, but the guy is now just getting a continual loop of 403's which I sincerely hope stops before he ruins next month's stats too!

 

But for now, I'm happy (as much as possible with a goober accessing my site!) At least the Lakers won (my sincere apologies to any Wolves fans, but it sure did help my mood).

 

Thanks again!

Posted

Wow! I really appreciate that. I've got lots of leeway since it started at the end of the month, but thank you! I tell you, my experience with TCH is great. You're always on the tip of my tongue if anyone mentions needing hosting.

 

Just wondering, do the error codes use any bandwidth? If so, I'll have to talk to this guy's isp if it's still going on after a little while. Weird stuff! You gotta wonder what he's doing with all these errors being returned!

Posted

If all the requests are coming from just one IP address, then it is quite weird indeed! Conventional bandwidth-stealing hotlinks are IMG tags whose SRC is on your domain instead of the domain of the page that contains the link. If that is what's going on, you should see lots of hits to the image(s) from lot of different IP addresses belonging to the visitors to the thief's site.

 

It sounds like you're saying that in this case one IP is hitting these images over and over and over again. Why would anyone do that? Just to be a jerk? Almost like a low-intensity DOS attack?

Posted

Exactly! My guess is he stole my javascript for my slide show and left it running while linking to my own images. I don't know, maybe a weird theory but it's pretty hard to think up realistic scenarios where this might happen.

Posted

Reporting them to their ISP is a dead end. Unless it comes from the host, they will file your complaint in the File 13 bin.

 

What is the domain name?

 

Let me get involved, I would like to see what kind of attack Matman thinks is happening.

Posted

That would be great. Unfortunately, there's no domain name given in the referrer field on my log. The IP is 65.42.80.123 but that's all the information I have to go on.

Posted

Hi,

 

If you do a tracert to it, you can see thats its just a broadband user which I am guessing he is running is website from.

 

Using CPANEL you should be able to deny this IP address and your problems should be solved.

 

Jim

Posted

Yes, if all the requests are coming from just the one IP, then denying that IP would be more effective than hotlink protection in this case. It would also keep your stats from being effected.

 

As for an attack, I'm not sure if that's the right thing to call it (although I guess I did earlier). But if there are requests coming with such frequency all from one IP, it would definitely NOT be the result of a website that references the images/script/whatever, since such a reference would result in lots of requests from lots of different IPs with the offending site as the referrer.

Posted

I don't know if I'm doing it wrong, but I've tried IP deny for his ip and nothing happens. Personally, that would be my choice of weapons, but no such luck so far. Anyone with any insight on what I could be doing wrong?

Posted

Can you copy-and-paste a few lines from your raw access logs so we can look at exactly what's happening?

Posted

65.42.80.123 - - [30/Apr/2003:13:30:18 -0400] "GET /image001.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

 

65.42.80.123 - - [30/Apr/2003:13:30:22 -0400] "GET /image002.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

 

65.42.80.123 - - [30/Apr/2003:13:30:26 -0400] "GET /image003.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

 

65.42.80.123 - - [30/Apr/2003:13:30:30 -0400] "GET /image004.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

 

 

I have pages and pages of this. It accesses every 4 seconds in a loop (just like my own javascript slide show which I think they stole).

Posted

Weird. Maybe they are using your javascript as an active desktop background or screensaver or something? Doubtful, I admit <_<

 

And you say that adding that IP to IP Deny on CPanel didn't do the trick? I would suggest submitting a helpdesk ticket and getting a guru to try it for you, because if you have IP deny on that IP you should NOT be getting any new logfile entries originating from that IP.

Posted

TCH Stones Ding Dong the Witch is dead! At 19:28:29 this dork stopped requesting my images. The TCH support staff reported him to his isp and I just hope they scared him out of doing this to anyone else. My hat's off to TCH! Thank you! Thank you! Thank you!

  • 4 weeks later...
Posted

I would just like to say my hats off to Bill and his gang. I was just browsing through the forums and came across this article. I just have to say Bill and his gange are top notch. I think that is a awesome of TCH to donate "additional" badnwidth and to get involved in this situation.

 

It just goes to prove - TCH Stones

Posted

ya know what you should have done....

 

changed the images on your server to say "stop stealing my stuff you $&*#@(&" and had his site link to that.

 

he would have changed it real quick....

 

chuck

Posted

Yes that does work.

It happened to me

A site selling German Sheperds

copied my k9 tribute page

and inserted the whole page below thier top frame, and called it K9 Dogs,

I found it by my stats, they were hotlinking my images.

So I replaced the k9 dog pics with

a16be2c0.jpg

the caption on the page is

'We have all seen these wonderful dogs in action at the scene of the World Trade Center '

:D :lol: :lol:

They took the page down after two days.

Posted

You know what I usually do when someone steals my images? Forget hotlinking, I do something even better...

 

I replace the image with another image about 10x bigger. I put a lot of mean words that I won't even get into. :( That'll teach that person a lesson.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...