Domain and Server abuse has many incarnations. Hot linking your images, Denial of Service attacks, slimy posts on your site, breaking into your hosting/server account, hacking your site, and the list goes on. In this post I’m going to cover Bandwidth consumption abuse. Where your site/server is targeted and this causes you to consume large amounts of bandwidth which can cost you money, slow down your site, and perhaps your host will terminate your account.
Please study the screen shots below from a real site. Notice the HUGE spike in Bandwidth consumption in the month of June 2009. A site that normally burns 1 or 2 GB of Bandwidth has a HUGE spike to over 21 GB of Bandwidth. Certainly having your site on the top of the list in Digg or lots of media coverage could cause this but that wasn’t the case.
In the next section of the screen capture we can see that China is the number one Country producing this Bandwidth consumption. Since this is an English language site which has no content that would warrant these visits, we can immediately tell exactly which country and their respective IPs is engaged in this abuse.
In the Hosts section of the screen shot we can actually see which IPs are being used by the abusers. All of these stats are available to most of you via the almost default statistics programs which most Web Hosts provide. In this case we used Analog, Awstats, and Webalizer. Know that we are 100% sure that users from certain countries are targeting this domain, How do we fix it?
Use SamSpade to see exactly where those IPS are located. You can also use it to determine the IP address from a given domain name. For example, one of the first IPs we looked at was “61.28.16.0” and SamSpade told us exactly where that IP was located which was China. After just a few minutes we easily determined exactly where the offending IPs we located. In this case it was 5 or 6 different Countries and we were also “shaping” the site traffic to insure that only eligible countries whose users could produce revenue from the site could actually view the site. Many affiliate programs will ban you if you generate too much foreign traffic which their advertisers don’t want to target.
The final tool we are going to use is actually a web site named Block a Country, which quickly allows you to ban certain countries from every viewing your site and of course consuming large amounts of bandwidth. The site is easy to use, accurate, and requires a little bit of technical knowledge with your domain’s .htaccess file. Did it work after we banned 7 Countries? You bet. Bandwidth consumption returned to normal and everyone is a happy camper.
The moral of this true story is that all of us need to assume that our domain/server WILL BE abused. Not if, but when. Take the appropriate actions and continue to monitor your sites.