How to NOT exceed bandwidth How to NOT exceed bandwidth
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

How to NOT exceed bandwidth

Started by nontekkyguy, April 20, 2006, 05:19:02 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

nontekkyguy

April 20, 2006, 05:19:02 PM
Blocking visitors from using different emails from accessing a gallery is one way to prevent brute force attacks. Is there another way. My site got slammed and is now down because it exceeded bandwidth. I have a small registered membership so I don't think it came from within. What other ways can one curtail this from happening to a free gallery?
Link not work safe: www.josefaro.org

P.S. Yes, I have already installed security fixes as of March 2006 and I have curtailed hotlinking via my cpanel.
learning requires patience; teaching requires more

Tranz

#1
April 20, 2006, 09:59:56 PM
It's hard to say. Have you looked at your site stats and logs? If it's a porn site, well, they tend to be popular. Have you disallowed directory listing? How much bandwidth are you allowed? Maybe you simply don't have enough?

nontekkyguy

#2
April 21, 2006, 07:19:25 AM
I will check my stats, but I am quite sure my allotted bandwidth is more than sufficient. My gallery is not a porn site, but I do shoot nudes, hence the reason the site is not work safe. I have visited some of the other galleries from CPG users and noticed that they have set the Administrator notification/permission to "off".  I on the other hand have it set so that I have to approve visitors. The gallery is not a public one per se, but for other artists and potential buyers or businesses.  I'm thinking someone was upset that I didn't allow them access and performed a brute force attack. Is this possible?
learning requires patience; teaching requires more

Joachim Müller

#3
April 21, 2006, 06:02:06 PM
This of course is possible, provided that attacker as enough bandwidth available to bring your server down. Another possible reason might be search engine spiders or offline website copiers like HtTrack - they eat all bandwidth they can get. As Thu suggested: you will only find out if you review your webserver logs, everything else is just blind guessing.

nontekkyguy

#4
April 23, 2006, 10:56:04 AM Last Edit: April 23, 2006, 11:33:39 AM by nontekkyguy
Thanks!
I just checked and sure enough I see spider attacks!  I thought spiders were a good thing, when it came to getting information about the site to the search engines. I'm sensing I should block spiders altogether, and btw I've added an .htaccess file to my albums folder. I will definitely add HtTrack to my list of blocked user agents.
F.Y.I. for those interested here's the line I use in my .htaccess file (I put .htaccess in albums folder)

RewriteCond %{HTTP_USER_AGENT} ^HTTrack.* [NC,OR]
learning requires patience; teaching requires more
Print
Go Up Pages1
User actions