
Someone's Stealing My Bandwidth


tdb

Hi,

 

I’m hoping to get some insight and some help. I have someone “getting” my images from a slide show on my site. It has been looping with a 200 code for 10 different images, one every 3 seconds. It’s been going for a day now and it’s obviously eating up my bandwidth. I’m fairly certain they have stolen my javascript for the slide show and are accessing my images from their site since there’s no caching of the images.

 

Unfortunately, the referring field just shows the “-“ symbol on the “latest visitors.” I have their ip address, but I’m not sure how useful that is on its own. I’ve tried hotlink protection, which then pulled up 403’s, but it messed up some other things, so no more of that. I have also renamed the images so it pulls up 404’s.

 

Right now, I have new jpg’s saying they have stolen my images. So far, no luck in getting them to stop so I may have to go back to the 404 errors. If they pull up hundreds of 404’s does that use bandwidth as well? I’m also concerned that it’s messing up my statistics and my logs.

 

Thanks for the help! I know you guys don’t want them eating up my bandwidth any more than I do!

Link to comment
Share on other sites

You need to enable hotlinking protection. It will stop them dead!

 

http://www.cpanel.net/docs/cp/hotLinkPreventor.htm

Not to contradict you, but he said he tried that and it messed some other things up.

 

Only thing I can think of to try to stop them is try to track them down as I mentioned above, or rename the images, and take the page you have the slide show on and make it open in a new window without the menu bar, and stick a little piece of jscript in there to disable right clicking so they can't see the new filenames. That's not perfect as they can still right click the link to the page and do save as and get the source for the page to get the filenames, but it's an idea....

Link to comment
Share on other sites

Thanks all for your replies. I always really appreciate the help in this forum. I retried the hotlink protection and I'll be darned if it don't work! I can't upload to my site but I just disable it and then re-enable it afterward. Fine by me, but the guy is now just getting a continual loop of 403's which I sincerely hope stops before he ruins next month's stats too!

 

But for now, I'm happy (as much as possible with a goober accessing my site!) At least the Lakers won (my sincere apologies to any Wolves fans, but it sure did help my mood).

 

Thanks again!

Link to comment
Share on other sites

Wow! I really appreciate that. I've got lots of leeway since it started at the end of the month, but thank you! I tell you, my experience with TCH is great. You're always on the tip of my tongue if anyone mentions needing hosting.

 

Just wondering, do the error codes use any bandwidth? If so, I'll have to talk to this guy's ISP if it's still going on after a little while. Weird stuff! You gotta wonder what he's doing with all these errors being returned!

Link to comment
Share on other sites

If all the requests are coming from just one IP address, then it is quite weird indeed! Conventional bandwidth-stealing hotlinks are IMG tags whose SRC is on your domain instead of the domain of the page that contains the link. If that is what's going on, you should see lots of hits to the image(s) from lots of different IP addresses belonging to the visitors to the thief's site.

 

It sounds like you're saying that in this case one IP is hitting these images over and over and over again. Why would anyone do that? Just to be a jerk? Almost like a low-intensity DOS attack?

Link to comment
Share on other sites

Exactly! My guess is he stole my javascript for my slide show and left it running while linking to my own images. I don't know, maybe a weird theory but it's pretty hard to think up realistic scenarios where this might happen.

Link to comment
Share on other sites

Reporting them to their ISP is a dead end. Unless it comes from the host, they will file your complaint in the File 13 bin.

 

What is the domain name?

 

Let me get involved, I would like to see what kind of attack Matman thinks is happening.

Link to comment
Share on other sites

Yes, if all the requests are coming from just the one IP, then denying that IP would be more effective than hotlink protection in this case. It would also keep your stats from being affected.

 

As for an attack, I'm not sure if that's the right thing to call it (although I guess I did earlier). But if there are requests coming with such frequency all from one IP, it would definitely NOT be the result of a website that references the images/script/whatever, since such a reference would result in lots of requests from lots of different IPs with the offending site as the referrer.

Link to comment
Share on other sites

I don't know if I'm doing it wrong, but I've tried IP deny for his IP and nothing happens. Personally, that would be my choice of weapons, but no such luck so far. Anyone with any insight on what I could be doing wrong?

Link to comment
Share on other sites

65.42.80.123 - - [30/Apr/2003:13:30:18 -0400] "GET /image001.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

 

65.42.80.123 - - [30/Apr/2003:13:30:22 -0400] "GET /image002.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

 

65.42.80.123 - - [30/Apr/2003:13:30:26 -0400] "GET /image003.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

 

65.42.80.123 - - [30/Apr/2003:13:30:30 -0400] "GET /image004.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

 

 

I have pages and pages of this. It accesses every 4 seconds in a loop (just like my own javascript slide show which I think they stole).

Link to comment
Share on other sites
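Added example, not part of the original thread: Python that applies the distinction drawn in the replies above (many client IPs with a foreign referrer means conventional hotlinking; one IP with no referrer at a fixed interval means a single looping client) to access-log lines, and totals the logged response bytes per client. The function names, thresholds, the hostnames `www.example.com` and `thief.example.org`, and the last three sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Apache "combined" log format, the layout of the lines quoted in the thread.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "[^"]*"')

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # "-" means no body bytes
    return rec

def classify(lines, own_host, min_hits=4, max_jitter=1.0):
    """Per client IP: label its image requests and total the logged body bytes."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec["path"].lower().endswith((".jpg", ".jpeg", ".gif", ".png")):
            by_ip[rec["ip"]].append(rec)
    report = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        no_ref = all(r["referer"] in ("", "-") for r in recs)
        # Conventional hotlinking: the referrer names a page on someone else's host.
        foreign = any(r["referer"] not in ("", "-")
                      and urlparse(r["referer"]).hostname != own_host for r in recs)
        steady = len(gaps) >= max(1, min_hits - 1) and max(gaps) - min(gaps) <= max_jitter
        label = ("hotlink-visitor" if foreign else
                 "looping-client" if steady and no_ref else "normal")
        report[ip] = {"label": label, "hits": len(recs), "bytes": sum(r["size"] for r in recs)}
    return report

# First four lines are from the thread; the last three are constructed sample data.
SAMPLE = [
    '65.42.80.123 - - [30/Apr/2003:13:30:18 -0400] "GET /image001.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '65.42.80.123 - - [30/Apr/2003:13:30:22 -0400] "GET /image002.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '65.42.80.123 - - [30/Apr/2003:13:30:26 -0400] "GET /image003.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '65.42.80.123 - - [30/Apr/2003:13:30:30 -0400] "GET /image004.jpg HTTP/1.1" 403 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '192.0.2.10 - - [30/Apr/2003:13:31:02 -0400] "GET /image001.jpg HTTP/1.1" 200 48211 "http://thief.example.org/gallery.html" "Mozilla/4.0"',
    '198.51.100.7 - - [30/Apr/2003:13:31:40 -0400] "GET /image001.jpg HTTP/1.1" 200 48211 "http://thief.example.org/gallery.html" "Mozilla/4.0"',
    '203.0.113.5 - - [30/Apr/2003:13:32:05 -0400] "GET /image001.jpg HTTP/1.1" 200 48211 "http://www.example.com/slideshow.html" "Mozilla/4.0"',
]
```

Calling `classify(SAMPLE, "www.example.com")` labels 65.42.80.123 as a looping client with zero logged body bytes for its 403 responses; the size field counts the response body only, not headers.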

Weird. Maybe they are using your javascript as an active desktop background or screensaver or something? Doubtful, I admit <_<

 

And you say that adding that IP to IP Deny on CPanel didn't do the trick? I would suggest submitting a helpdesk ticket and getting a guru to try it for you, because if you have IP deny on that IP you should NOT be getting any new logfile entries originating from that IP.

Link to comment
Share on other sites

TCH Stones Ding Dong the Witch is dead! At 19:28:29 this dork stopped requesting my images. The TCH support staff reported him to his ISP and I just hope they scared him out of doing this to anyone else. My hat's off to TCH! Thank you! Thank you! Thank you!

Link to comment
Share on other sites

  • 4 weeks later...

I would just like to say my hat's off to Bill and his gang. I was just browsing through the forums and came across this article. I just have to say Bill and his gang are top notch. I think that is awesome of TCH to donate "additional" bandwidth and to get involved in this situation.

 

It just goes to prove - TCH Stones

Link to comment
Share on other sites

Yes that does work.

It happened to me

A site selling German Shepherds

copied my k9 tribute page

and inserted the whole page below their top frame, and called it K9 Dogs,

I found it by my stats, they were hotlinking my images.

So I replaced the k9 dog pics with

a16be2c0.jpg

the caption on the page is

'We have all seen these wonderful dogs in action at the scene of the World Trade Center '

:D :lol: :lol:

They took the page down after two days.

Link to comment
Share on other sites

You know what I usually do when someone steals my images? Forget hotlinking, I do something even better...

 

I replace the image with another image about 10x bigger. I put a lot of mean words that I won't even get into. :( That'll teach that person a lesson.

Link to comment
Share on other sites
