How to NOT exceed bandwidth How to NOT exceed bandwidth
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

How to NOT exceed bandwidth

Started by nontekkyguy, April 20, 2006, 05:19:02 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

nontekkyguy

Blocking visitors from using different emails from accessing a gallery is one way to prevent brute force attacks. Is there another way. My site got slammed and is now down because it exceeded bandwidth. I have a small registered membership so I don't think it came from within. What other ways can one curtail this from happening to a free gallery?
Link not work safe: www.josefaro.org

P.S. Yes, I have already installed security fixes as of March 2006 and I have curtailed hotlinking via my cpanel.
learning requires patience; teaching requires more

Tranz

It's hard to say. Have you looked at your site stats and logs? If it's a porn site, well, they tend to be popular. Have you disallowed directory listing? How much bandwidth are you allowed? Maybe you simply don't have enough?

nontekkyguy

I will check my stats, but I am quite sure my allotted bandwidth is more than sufficient. My gallery is not a porn site, but I do shoot nudes, hence the reason the site is not work safe. I have visited some of the other galleries from CPG users and noticed that they have set the Administrator notification/permission to "off".  I on the other hand have it set so that I have to approve visitors. The gallery is not a public one per se, but for other artists and potential buyers or businesses.  I'm thinking someone was upset that I didn't allow them access and performed a brute force attack. Is this possible?
learning requires patience; teaching requires more

Joachim Müller

This of course is possible, provided that attacker as enough bandwidth available to bring your server down. Another possible reason might be search engine spiders or offline website copiers like HtTrack - they eat all bandwidth they can get. As Thu suggested: you will only find out if you review your webserver logs, everything else is just blind guessing.

nontekkyguy

#4
Thanks!
I just checked and sure enough I see spider attacks!  I thought spiders were a good thing, when it came to getting information about the site to the search engines. I'm sensing I should block spiders altogether, and btw I've added an .htaccess file to my albums folder. I will definitely add HtTrack to my list of blocked user agents.
F.Y.I. for those interested here's the line I use in my .htaccess file (I put .htaccess in albums folder)

RewriteCond %{HTTP_USER_AGENT} ^HTTrack.* [NC,OR]
learning requires patience; teaching requires more