Excessive bandwidth use

edited February 2009 in Science & Tech
I run a forum for a community of Expats in Spain. We recently had to change to a new host server because I took over from another guy that fell out with site owners.

The forum has been hosted on the new server since 8th Feb 2009, and up to today it has used 29 gig of bandwidth. Looking at the stats, it appears that someone (probably the former manager) is hitting the site with multiple visits. Looking at the time stat for length of stay, there have been 296 visits today by someone that did not spend more than one second on the site. It also seems that they hit a number of pages at the same time. This is replicated back to the 8th Feb.

So, my question to you is: is this my imagination, or is it possible to set this up with some kind of script? We know the IP address of the suspect, but he is part of a network of users all using the same IP address. Apart from asking the IP to block his access to our site, is there any other way we can either stop these attacks or trace him so we can take legal action?

Hope someone can come up with something.

Comments

  • kryyst Ontario, Canada
    edited February 2009
    There are certainly scripts to do that to a site. Basically it's a DOS attack, but without enough of an attack to do any real damage. Your host, though, should have logs that are tracking it, and you should be able to contact them to see what they can do. You are paying them; ask them for service.
  • edited February 2009
    kryyst wrote:
    There are certainly scripts to do that to a site. Basically it's a DOS attack, but without enough of an attack to do any real damage. Your host, though, should have logs that are tracking it, and you should be able to contact them to see what they can do. You are paying them; ask them for service.


    Thanks for the speedy reply. My host have helped but can only provide so much info. We have tracked it down to this one particular IP address that has used up 43% of the bandwidth, having accessed over 430,000 files compared to the next highest of 140,000 since the 8th Feb. What I would like to find out is if there is any way of identifying this script, if there is one.

    The forum is not graphic intensive and just has the normal avatars and smilies on it.
  • kryyst Ontario, Canada
    edited February 2009
    No, you can't figure out what script it's using, if it is one.
  • GrayFox /dev/urandom Member
    edited February 2009
    Ask your host to drop all traffic from his IP address (assuming you don't have shell to the machine hosting it). Then the problem is solved and you can go back to not using much bandwidth.
  • edited February 2009
    Not that easy, I am afraid. His IP address is used by about 30 other people, as it is on a wi-fi network for people living in the countryside in Spain where there are no landlines for ADSL.

    Thanks anyway.
  • AlexDeGruven Wut? Meechigan Icrontian
    edited February 2009
    I think part of the problem, however, is that the hits are coming from an IP that also has legitimate users behind it.

    We have 2 outward-facing IPs with about 15,000 users behind them (for web stuff, that is). If someone blocked either of them, there would be some real problems.
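The thread leaves open how to tell one heavy client apart from the roughly 30 legitimate users behind the same IP address. As an added example (not part of the original thread), this sketch groups access-log entries by IP and User-Agent together and reports bytes served, hit count and the peak number of requests in a single second. The combined log format, the sample lines, the `ExampleFetcher/1.0` agent string and the burst threshold are all assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache/Nginx "combined" access-log format (assumed; adjust to the host's format).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
    r'\d{3} (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample: 203.0.113.7 is a shared address with two clients behind it.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Feb/2009:10:00:01 +0100] "GET /index.php HTTP/1.1" 200 5000 "-" "Mozilla/5.0 Firefox/3.0"
203.0.113.7 - - [14/Feb/2009:10:00:05 +0100] "GET /viewtopic.php?t=1 HTTP/1.1" 200 20000 "-" "ExampleFetcher/1.0"
203.0.113.7 - - [14/Feb/2009:10:00:05 +0100] "GET /viewtopic.php?t=2 HTTP/1.1" 200 20000 "-" "ExampleFetcher/1.0"
203.0.113.7 - - [14/Feb/2009:10:00:05 +0100] "GET /viewtopic.php?t=3 HTTP/1.1" 200 20000 "-" "ExampleFetcher/1.0"
203.0.113.7 - - [14/Feb/2009:10:00:05 +0100] "GET /viewtopic.php?t=4 HTTP/1.1" 200 20000 "-" "ExampleFetcher/1.0"
203.0.113.7 - - [14/Feb/2009:10:03:40 +0100] "GET /viewforum.php?f=2 HTTP/1.1" 200 3000 "-" "Mozilla/5.0 Firefox/3.0"
198.51.100.9 - - [14/Feb/2009:10:04:12 +0100] "GET /index.php HTTP/1.1" 304 - "-" "Opera/9.6"
"""

def summarize(log_text, burst_threshold=3):
    """Per (IP, User-Agent): bytes, hits and peak hits in one second, largest first."""
    stats = defaultdict(lambda: {"hits": 0, "bytes": 0, "per_second": Counter()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at their fields
        s = stats[(m["ip"], m["ua"])]
        s["hits"] += 1
        s["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
        s["per_second"][m["ts"]] += 1  # log timestamps have one-second resolution
    report = []
    for (ip, ua), s in stats.items():
        peak = max(s["per_second"].values())
        report.append({"ip": ip, "ua": ua, "hits": s["hits"], "bytes": s["bytes"],
                       "peak_per_second": peak, "burst": peak >= burst_threshold})
    return sorted(report, key=lambda r: r["bytes"], reverse=True)

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

The User-Agent header is supplied by the client, so it separates clients behind a shared address only when their agent strings actually differ. A distinct string, where one shows up, gives the host something narrower than the whole IP address to filter or rate-limit on.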