The Honest Way Forum

[Phillip]

I just noticed that one of my static html sites showed "509 bandwidth exceeded", so I went to my WHM control panel to bump up the bandwith limits... What I noticed was that the previous limit - 100mb - had been filled within these four days, and it had also been exceede by 1300mbs. So at that moment I had 1400mbs of used bandwidth for that account. I decided to bump it up to 2000mb so that I could see if the site is okay - when I did this, I still gpt that "509" error. I went back to the control panel and now the bandwidth was 3200mbs.... I did raise a support ticket for this but do any of you have similar experiences? Hacked, Smacked or is it just some server side glitch? Thank god it's not a moneysite.

[Tel]

It could be you have an image that has been hijacked by someone and published on another site. This happened to me a while ago and the site ate a gig of bandwidth inside a day. The image got loaded into a popular forum thread but was hotlinked to my site, so every time the forum page was reloaded, my bandwith took a hit. You can check this in webalizer stats - it will show a big spike in MBs downloaded and should show you where the site/page is that is taking it all.

The way to stop it (if this is indeed the cause) is to get into cPanel and click the Hotlink protection icon, then enable hotlink protection for the site. That will stop the image loading wherever it is and save your bandwidth.

[Phillip]

Hits per Hour 9778, and a shitload of referring from h**tp://item.taobao.com and h**tp://zhangxuee.taobao.com/ - but I don't see anything mine there. Thanks for the hotlinking tip - I hope that solves the problem.

[dgodot]

A couple months ago I got an email from some British bank telling me that one of my sites was being used by phishers. I looked and found a folder full of files in my web directory that shouldn't have been there. Freaked me out, as I'm still not sure how they gained access to my FTP for that site. I changed all my passwords and everything, and haven't had any other problems, but apparently these people do have ways of hacking WHM/CPanel/FTP. You may want to check to see if there are any files you didn't put there.

[Phillip]

[Tel]

You got me. I know it looks like they're sending out a repeated loop of requests to load those non-existent pages, but I can't see how that is possible from a website.

I mean, if they can do that, then they have the means to attack and bring down any site they want by killing their bandwidth with repeated requests to load pages that aren't even there, causing the 404 errors but still eating up bandwidth with non-stop requests.

That is not possible without bringing their own server to its knees by using all their own bandwidth to make the requests. Unless of course they have a huge allocation and an ulterior motive. But why attack a small site like yours? Hackers like to go for bigger fish to make mischief. It doesn't make sense.

To be honest, I don't know what they're doing.

[Phillip]

Yeah. My site has one post on it, and it has been like that for a long time, and even if there is decent PR, it's not ranking for anything. The site that is bombarding me are some "big" auction site, so it looks like someone has found a way to abuse those sites, or it is the site owners doing that. If this had been going on from the start, I would believe that it was unintentional. taobao.com has 110 million pages indexed in google and clearly has frigging tens of thousands of pageloads per day.

Although it looks to me as if it is not the site that is bombarding me directly - they are using their visitors bandwidth to load a non existant wma file from my domain, causing it to 404 (or 500) in the background without the user even noticing it. Just like someone would be doing when hotlinking images - the users browser would load up the image from the other server and to the user it looks like it is all coming from the same site.

I guess I'll have to try to contact taobao.com owners... Hope they speak english...

edit: And of course - they only have a telephone number listed there - no e-mail addresses...
edit2:gah found it!
edit3: somehow they are still cosuming my bandwidth!!! Now it's up to 5gbs, even if the limit is clsoed - I'll have to park the domain for now or something !
edit4: and now it seems to be spreading 8b8d.com is doing the same thing somehow - although I can't find the referring url in their source codes... So I parked the domain for now - it's eating up the resources of my reseller account!

[Tel]

A temporary measure might be to switch nameservers to a free hosting account and let them worry about it.

Edit: There is a bandwidth limit function in WHM - does this do anything?

[Phillip]