
Weird behavior in possible hacking scheme: msg#00005

Subject: Weird behavior in possible hacking scheme
I'm hoping somebody else has seen something like the following and has some
suggestions.

Last week, I noticed bandwidth consumption had jumped dramatically on my
Drupal site, from maybe 500 megabytes a day to 2.2 gigabytes a day.

"Cool!" I thought. But looking at my Analog reports, I noticed that what was
going on was somebody was repeatedly downloading just the site banner logo.
Looking at the raw logs, I saw that not only was somebody downloading the
banner repeatedly, they were using the site to make requests to all sorts of
pay-per-click ad-banner networks that I've never used (or even heard of).
Here's one example:

www.universalhub.com 221.232.79.8 - - [01/Sep/2004:00:31:21 -0400] "GET http://www.xmlrevenue.com/s.php?keywords=DSL&username=infomenl HTTP/1.0" 200 39857 "http://www.gbahome.com/ads/xmlrevenue.htm" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.1)"

In .htaccess, I blocked off the offending IP numbers. Like the Borg, they
adapted. They switched to other numbers and kept coming. So I blocked off
whole ranges of IP numbers. They switched to new ranges. I changed the name
of the banner. They noticed and started downloading the new file. Finally,
I think I've blocked off all their IP ranges, but they seem to be pretty
resourceful.

The reason I'm posting this here is because of the GET commands in the logs.
Is this something Drupal-related I should be concerned about (I notice they
are also probing for all sorts of non-Drupal PHP and cgi type files)?

Thanks!

Adam Gaffin
Executive Editor, Network World Fusion
agaffin@xxxxxxx / (508) 490-6433 / http://www.nwfusion.com 
"I programmed my robotic dog to bite the guy who delivers the electronic
mail." -- Kibo  
-- 
[ Drupal support list | http://list.drupal.org/ ]
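The two things the post describes, a request line that carries a full "http://..." URL (the form a browser only sends to a proxy) and one image being fetched over and over from off-site referers, can both be picked out of the raw access log mechanically. The script below is an added example for this thread, not code from the original message or from Drupal. It assumes the Apache "combined" log format with a leading virtual-host field, as in the line quoted above; the host names, IP addresses (RFC 5737 documentation ranges), banner path and log lines are constructed for illustration, and the .htaccess fragment it emits uses the Apache 2.2-era Order/Deny syntax.

```python
"""Flag proxy-style requests and banner hotlinking in an Apache access log.

Added example for the mailing-list post above; not the poster's or Drupal's
code. Log format assumed: "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" (combined format with the vhost first). All sample data
below is constructed.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

LOG_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: one proxy-style request, three hotlinked banner fetches
# from the same source, one legitimate banner fetch, one direct fetch, one
# ordinary page view and one probe for a CGI script that does not exist.
SAMPLE_LOG = "\n".join([
    'www.example.com 203.0.113.5 - - [01/Sep/2004:00:31:21 -0400] "GET http://ads.example.net/s.php?keywords=DSL&username=x HTTP/1.0" 200 39857 "http://partner.example.org/ads/x.htm" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.1)"',
    'www.example.com 203.0.113.5 - - [01/Sep/2004:00:31:22 -0400] "GET /files/logo.gif HTTP/1.0" 200 18234 "http://partner.example.org/ads/x.htm" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.1)"',
    'www.example.com 203.0.113.5 - - [01/Sep/2004:00:31:40 -0400] "GET /files/logo.gif HTTP/1.0" 200 18234 "http://partner.example.org/ads/x.htm" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.1)"',
    'www.example.com 203.0.113.5 - - [01/Sep/2004:00:32:05 -0400] "GET /files/logo.gif HTTP/1.0" 200 18234 "http://partner.example.org/ads/x.htm" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.1)"',
    'www.example.com 198.51.100.20 - - [01/Sep/2004:00:33:10 -0400] "GET /node/12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686)"',
    'www.example.com 198.51.100.20 - - [01/Sep/2004:00:33:11 -0400] "GET /files/logo.gif HTTP/1.1" 200 18234 "http://www.example.com/node/12" "Mozilla/5.0 (X11; Linux i686)"',
    'www.example.com 203.0.113.77 - - [01/Sep/2004:00:35:00 -0400] "GET /files/logo.gif HTTP/1.0" 200 18234 "-" "Wget/1.9"',
    'www.example.com 203.0.113.5 - - [01/Sep/2004:00:36:00 -0400] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 298 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.1)"',
])


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def is_proxy_style(target):
    """True when the request-target is an absolute URI (scheme://host/...).

    Origin servers normally receive a path ("/files/logo.gif"); the absolute
    form is what a client sends to an HTTP proxy, so its presence means the
    client addressed this site as a proxy.
    """
    parts = urlsplit(target)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def same_site(referer, vhost):
    """Empty referers count as same-site (direct visits, privacy settings)."""
    if not referer or referer == "-":
        return True
    return urlsplit(referer).hostname == vhost


def analyze(log_text, banner_path, threshold=3):
    """Summarise proxy-style requests and fetches of banner_path per source."""
    proxy_requests = []
    banner_hits = Counter()
    hotlink_referers = Counter()
    banner_bytes = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_proxy_style(rec["target"]):
            proxy_requests.append((rec["ip"], rec["target"]))
            continue
        if urlsplit(rec["target"]).path == banner_path:
            banner_hits[rec["ip"]] += 1
            banner_bytes += rec["size"]
            if not same_site(rec["referer"], rec["vhost"]):
                hotlink_referers[urlsplit(rec["referer"]).hostname] += 1
    abusive = sorted(ip for ip, n in banner_hits.items() if n >= threshold)
    return {
        "proxy_requests": proxy_requests,
        "banner_hits": dict(banner_hits),
        "banner_bytes": banner_bytes,
        "hotlink_referers": dict(hotlink_referers),
        "abusive_ips": abusive,
    }


def htaccess_deny(ips):
    """Apache 2.2-style .htaccess fragment denying the listed sources.

    With "Order allow,deny" a source matched by both directives is denied,
    so every other client is still allowed through.
    """
    lines = ["Order allow,deny", "Allow from all"]
    lines += ["Deny from %s" % ip for ip in sorted(ips)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG, "/files/logo.gif")
    for ip, target in report["proxy_requests"]:
        print("proxy-style request from %s: %s" % (ip, target))
    print("banner hits by source:", report["banner_hits"])
    print("banner bytes served:", report["banner_bytes"])
    print("off-site referers for banner:", report["hotlink_referers"])
    print(htaccess_deny(report["abusive_ips"]))
```

On a real log, feed the file contents to analyze() with the real banner path and raise the threshold to fit normal traffic; the off-site referer counts show who is embedding the image, which is the better thing to act on than chasing individual source addresses, and Apache can refuse such fetches with a Referer condition in mod_rewrite instead of per-IP deny lines.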



