alfo

The real question I would like to ask is if there is any alert software than can be run to (quickly) notify the webmaster of excessive activity such as this so that the .htaccess can be updated PDQ to prevent bandwidth theft ?

The reason for the question is - Has anyone seen "over-activity" from ip address 87.217.78.75 ? Googling shows no results for this ip address anywhere (which is strange as I would expect it to normally show up somewhere in someone's log/stat files if you Google it at least).

This ip address is showing on stats for one of our clients where the bandwidth has been well and truly eaten up (317% as of this morning) and is making our reseller bandwidth usage this month get very close to our total quota.

The ip address is showing as Guatemala and as the client concerned is a metal fabrication company in the Black Country of the (UK) West Midlands, I doubt very much whether these are legitimate web site visits. Also, the site has maybe 200 pages max. The stats show 46457 pages loaded by this one ip in two days.

I've reported the abuse back to the whois contact - but the gate is now closed anyway (on that site, at least - I have to go through all of our .htaccess files to try and make sure this does not propogate through all of our sites).

Any advice would be welcome on this.

__________________
"Just do it"

MrBen

The IP address is showing as Spain for me - Jazztel.com

I don't think there's much you can do to alert you quickly. You'd basically need to run real-time log analysis which isn't feasible. You could perhaps write something that UH could configure to run say every hour (cron job) to check for an "excessive" (whatever you define that as) number of entries from an IP. You could then be emailed as required.

Ben

__________________
Veterinary Practice Management System by SoftFooding
Internet Data Usage Calculator: Estimate your monthly bandwidth usage for your Internet connection.

Vger

I cannot see this being "bandwidth theft", unless they are hotlinking images from the website (the most common form of bandwidth theft). Simply loading up your pages repeatedly in a browser is not (technically) bandwidth theft - though it costs you money and is VERY annoying!!

Hotlinking of images CAN be prevented in one go - by limiting which websites (your own and certain search engines) can display your images on their site - everybody else will get a 403 error. You'd do that with .htaccess.

Vger

__________________
Working with computers is a bit like getting old - the longer you're around the more wrinkles you find!

pursuit

if you dont sell to people outside the UK then you could ban anyone who is not from within the UK to visit your site, which could save you a lot of bandwidth.

Vger

Well, that would prevent Google, MSN, AOL, Ask etc from spidering the site, as almost all their servers are in the USA.

Vger

__________________
Working with computers is a bit like getting old - the longer you're around the more wrinkles you find!

alfo

Thanks for the replies guys.

Yep. Perhaps "Bandwidth theft" was the wrong phrase to use Vger. My prime concern is that if we go over our server/package quota as a whole then we get to foot the bill. We are running at about 94% so there is little room for these instances to occur without cost ramifications to us.

Yep. It does show as "Jazztel.com" in Spain. An ip>country lookup shows it as Guatemala.

Bottom line is .... I guess I'm just going to have to be more vigilant when watching bandwidth consumption during the month.

I have the bandwidth quotas set for all of our sites based on "past experience + a bit" so that if they should go over the quota I get the standard UH warning messages - which is fine.

On this occasion it is a small(ish) site and was three parts of the way through the month in any case but had this happened earlier in the month and with one of our larger sites with thousands of products & images then that could well have been a different story.

Thanks again guys.

"Stay safe out there...."

__________________
"Just do it"

pursuit

Short answer is NO. bots could also be selected to bypass the rule. It replaces .htaccess.

TygerTyger

It's not really a realistic approach though. New spider IP addresses are added, old ones change and you'd have to find a reliable list to start with. Unless you're being hammered all over the place then blocking specific IP address is the way to go.

__________________
Check your accessibility and web page quality

pursuit

the short answer is YES it is (albeit under testing - so far so good). and it doesn't work the way you described.