Posted on: 07/19/04 02:01pm
By: remy
Hello,
I'm seeing an anonymous visitor to several of my GL sites, downloading files one after each other. Time interval is about 5 - 20 mins. This vistor, I presume a bot, is coming back each month now. This 'bot' is abusing the numeric id (lid in filemanagement) to get them all.
What happens after this, is a new trend I guess. Apparently scanned for email adresses, a virus or spam is sent to the email addresses found, with sender email equal to another one in the same file.
In order to stop this, I've shutdown the download area for anonymous use.
Isn't there a more elegant way to stop the downloading and later abuse of the email addresses contained in those files. I mean, don't we all mention a courtesy email address when problems rise?
abuse of downloads
Posted on: 07/19/04 02:31pm
By: Dirk
[QUOTE BY= remy] This 'bot' is abusing the numeric id (lid in filemanagement) to get them all.[/QUOTE]
Is it downloading them all in numeric order? If not, did you check who owns the IP address?
The reason I'm asking is that I had a problem with Googlebot once, where it downloaded several files from the download area over and over again. That was easy to stop by telling it not to spider the filemgmt directory in the robots.txt.
If it is some other bot and it's coming from a static IP, it should be easy to stop with some .htaccess magic.
Otherwise, Blaine may have to implement something like a download speed limit in the plugin ...
bye, Dirk
abuse of downloads
Posted on: 07/19/04 03:34pm
By: beewee
If you have a cPanel control panel on your hosting account (or Plesk as well I guess) it's damn easy to block a certain IP adress.
abuse of downloads
Posted on: 07/20/04 06:06am
By: remy
The IP's seen are coming from Poland or are not allocated, according to ripe.net.
The abuse is normally using visit.php, so it could be a crawler. Robots.txt or .htaccess are not helpfull here.
I've got 3 different Ip's by now, and found one of the IP's in a virus spam, that is broadcasted 3 times a day. Well, somebody could be infected with a trojan, too.
The thing I've noticed is that the email addresses in the distributed sources are abused. So, blocking the IP's would not help at all, since there are numerous GL sites distributing the sources.
Off course, there is a possibility that I'm seeing ghosts here.
abuse of downloads
Posted on: 07/20/04 07:20am
By: beewee
Please show the IP adresses, perhaps we'll be able to find out anything about them. And we will be warned if we find them in our stats.