Welcome to Geeklog, Anonymous Thursday, December 01 2022 @ 07:45 am EST

Geeklog Forums

abuse of downloads


Status: offline

remy

Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
angry
Hello,

I'm seeing an anonymous visitor to several of my GL sites, downloading files one after each other. Time interval is about 5 - 20 mins. This vistor, I presume a bot, is coming back each month now. This 'bot' is abusing the numeric id (lid in filemanagement) to get them all.
What happens after this, is a new trend I guess. Apparently scanned for email adresses, a virus or spam is sent to the email addresses found, with sender email equal to another one in the same file.
In order to stop this, I've shutdown the download area for anonymous use.

Isn't there a more elegant way to stop the downloading and later abuse of the email addresses contained in those files. I mean, don't we all mention a courtesy email address when problems rise?

 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by remy: This 'bot' is abusing the numeric id (lid in filemanagement) to get them all.

Is it downloading them all in numeric order? If not, did you check who owns the IP address?

The reason I'm asking is that I had a problem with Googlebot once, where it downloaded several files from the download area over and over again. That was easy to stop by telling it not to spider the filemgmt directory in the robots.txt.

If it is some other bot and it's coming from a static IP, it should be easy to stop with some .htaccess magic.

Otherwise, Blaine may have to implement something like a download speed limit in the plugin ...

bye, Dirk
 Quote

Status: offline

beewee

Forum User
Full Member
Registered: 08/05/03
Posts: 969
Location:The Netherlands, where else?
If you have a cPanel control panel on your hosting account (or Plesk as well I guess) it's damn easy to block a certain IP adress.
Dutch Geeklog sites about camping/hiking:
www.kampeerzaken.nl | www.campersite.nl | www.caravans.nl | www.caravans.net
 Quote

Status: offline

remy

Forum User
Full Member
Registered: 06/09/03
Posts: 162
Location:Rotterdam & Bonn
angry
The IP's seen are coming from Poland or are not allocated, according to ripe.net.
The abuse is normally using visit.php, so it could be a crawler. Robots.txt or .htaccess are not helpfull here.
I've got 3 different Ip's by now, and found one of the IP's in a virus spam, that is broadcasted 3 times a day. Well, somebody could be infected with a trojan, too.
The thing I've noticed is that the email addresses in the distributed sources are abused. So, blocking the IP's would not help at all, since there are numerous GL sites distributing the sources.
Off course, there is a possibility that I'm seeing ghosts here.
 Quote

Status: offline

beewee

Forum User
Full Member
Registered: 08/05/03
Posts: 969
Location:The Netherlands, where else?
Please show the IP adresses, perhaps we'll be able to find out anything about them. And we will be warned if we find them in our stats.
Dutch Geeklog sites about camping/hiking:
www.kampeerzaken.nl | www.campersite.nl | www.caravans.nl | www.caravans.net
 Quote

All times are EST. The time is now 07:45 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content