Recent Topics

Massive bandwith useage need fast help

Started by on Aug 27, 2005 – Contents updated: Aug 27, 2005

Aug 27, 2005 07:28    

Hi Everyone,

I am happy to pay anyone for help on this via paypal or donate again here.

I can give anyone login details if required.

I have been getting messages from my hosting account that I am about to exceed my bandwidth. Given only about 10 people read my weblog that was a surprise. At about the same time I started getting comment spam but it was not a lot and I deleted them. Still large amout of daily traffic. All to porn or casino sites. In my cpanel on my site the statistics show all over the world and almost none here in Australia.

Now I need to know more but I have a short term problem to lock the site down while I read up on how to avoid this.

I have disabled tracebacks and pings because I guess that is what the problem is.

Here is a typical email from my hosting account

New trackback on your post #26 "Dr Who?"
http://www.iansbrainstorm.com/index.php?blog=2&p=26&tb=1

Website: texas holdem poker software (IP: 81.8.110.33 , 81.8.110.33)
Url: http://www.adspoll.com/
Excerpt:
<strong>texas holdem poker software</strong><br />In your free time, visit some information dedicated to free poker flash no download no subscription

email me at b2evolution27Aug2005-max@sneakemail.com if you want to chat via any instant messenger or email of passwords (email address avoids future spam :-)

My first priority is to get this thing under control bandwidth wise and the second is to RTFM!

Thanks again.

Aug 27, 2005 07:37

http://isaacschlueter.com/tests/b2antispam_genhtaccess.php.txt

In your admin panel you update your spam list. After you have done that you can use the file listed at the address above to automatically update your .htaccess file to block all referers that contain those words. It should help slow things down. I modified my template to hide latest referer and top referer info too and got rid of the stats page.

HTH. Good luck.

Aug 27, 2005 07:50

That was fast thanks.

I did the update spam list already, forgot to mention that.

I will run the script thanks for that.

What about the comment spam? What do people do to avoid that? Can you filter the comments or would you force people to login to comment?

Ian

Aug 27, 2005 08:14

I don't think you need to do anything with your .htaccess file to cut the bandwidth that spammers steal when they try to spam you.

Step one is ALWAYS to keep your antispam table up to date. Click the link on your 'Antispam' tab until it returns only one response.

Next, either click the ban symbol next to each 'top referer' on your 'Stats' tab, or install my antispam rechecker hack (available on my hackblog or through the plugins section - which is linked above). If you go with the 'click the ban symbol' method just do it for each nasty linker you find.

Third: A VERY QUICK AND EASY SOLUTION TO COMMENT SPAM is to rename your htsrv folder as whoo explained very clearly in [url=http://forums.b2evolution.net/viewtopic.php?t=3764this post[/url]. As whoo pointed out, and I'll repeat till the earth's orbit decays and we collapse into our burned out dead husk of a star, update your blacklist!!!

Finally, if you get a comment spam click the edit link in the email you get, then click the ban symbol. Add them to the database. Add another incident to the database. BAN THEM! DELETE THEM!

Aug 27, 2005 13:06

EdB wrote:

Step one is ALWAYS to keep your antispam table up to date. Click the link on your 'Antispam' tab until it returns only one response.

Ok I only did it once, I have that up to date now

EdB wrote:

Next, either click the ban symbol next to each 'top referer' on your 'Stats' tab, or install my antispam rechecker hack (available on my hackblog or through the plugins section - which is linked above). If you go with the 'click the ban symbol' method just do it for each nasty linker you find.

I spent 30 minutes banning from the stats and it is an endless job. The stats still say referrers 18546! Is there a shortcut? I read up on your antispam rechecker and did not understand what that was going to do.

EdB wrote:

Third: A VERY QUICK AND EASY SOLUTION TO COMMENT SPAM is to rename your htsrv folder as whoo explained very clearly in [url=http://forums.b2evolution.net/viewtopic.php?t=3764this post[/url]. As whoo pointed out, and I'll repeat till the earth's orbit decays and we collapse into our burned out dead husk of a star, update your blacklist!!!

Is there a cron job you can do to do the updates or do you have to make a mod?

EdB wrote:

Finally, if you get a comment spam click the edit link in the email you get, then click the ban symbol. Add them to the database. Add another incident to the database. BAN THEM! DELETE THEM!

I got that loud and clear. I had no idea a handful of comment spasm could cause so much mess.

Thanks everyone for the help so far.

Ian

Aug 27, 2005 15:54

Is there a shortcut?

Yes. Read on.

I read up on your antispam rechecker and did not understand what that was going to do.

Here's why you need the rechecker: When you update the blacklist, it doesn't actually remove any spam. It just prevents spam in the future. The rechecker compares the blacklist to all of your current comments and reflogs, and gets rid of any spam you already have. The spam you've been removing is probably already blocked by your blacklist. The recheck hack would make getting rid of it much faster.

Is there a cron job you can do to do the updates or do you have to make a mod?

It's a hack, but not a very difficult one. Read about it [url=http://isaacschlueter.com/blog/work/programming/automatic_antispam_update_cron/]here[/url]. You can combine that with the rechecker and make a cron job that updates the antispam list and rechecks to remove any existing spam. That's been the best soultion for me.

Sep 01, 2005 06:25

If it is spam referrers that are causing the problem and you only have a few people who read your blog, you could always do what I did - rename the blog and redirect or block anyone who comes looking for the old name.
I have had the greatest pleasure in seeing countless numbers of spammers being sent into oblivion!
It hasn't affected the people who come to my site to read the blog.

I also implemented Isaac's cron job solution for automatically updating the antispam, plus used some of the techniques in Whoo's thread. It's amazing how much bandwidth this has saved me!

The other thing to look out for though, in terms of bandwidth usage, is how much is being used by search bots. Googlebot has been misbehaving lately and if you search under googlebot and bandwidth you will find there are heaps of people now being forced to block Google until the bot settles down.

Sep 01, 2005 08:01

I took the website off line as I am very busy with real work. I will put it back up when I understand how to manage all of this better. I might wait untill the next release. I was thinking of importing everything into a new install but might just enter the 30 odd entries in by hand. I would loose the comments though.

Thanks for the help everyone.

Sep 04, 2005 12:07

I need some help with this rechecker.

The first step is to alter your antispam table to add a new field for checked or not. This is the code phpmyadmin showed me after I added the field.

ALTER TABLE `evo_antispam` ADD `aspm_checked` ENUM( 'needs', 'gotit' ) DEFAULT 'needs' NOT NULL

That is great but I do not know the steps to create the record. I go into myphpadmin and select the table and select add but I do not know how to fill the fields out. How do I convert the information above into what I need to enter into the field parameters?

I have just spent an hour manualy removing referers because I did not understant the above but it will take ages to do so I am giving it a go. I just don't have the experience.

Thanks.

Sep 04, 2005 12:46

Select your b2evo database, click on the SQL link, and paste in the code you're given, and you're good to go. The correct field will be created automagically, and you'll be lovely and spam free.

Sep 04, 2005 13:31

Ok thanks for that. Very easy.

No I followed the complete proceedure for the hack http://wonderwinds.com/hackblog.php/2005/02/07/antispam_recheck_tool_part3

and I get this.

Fatal error: Call to undefined function: list_antispam_short() in /home/username/public_html/admin/b2antispam.php on line 517

Line 514 to 518 show as

<?php
if( $show_full ) {
list_antiSpam();
} else {
list_antiSpam_short();
}

Again I am clueless, any help apreciated.

Edit: Deleted the hacks.php file and everything working ok. I have tried the hacks.php file several times to make sure it is ok. I restored the original b2antispam.php and it did not help. Something in the hacks.php is causeing problems no matter which version of b2antispam.php is in the folder.

If I have the hacks.php I also get this at the top of every page of my site which is the contents of hacks.php so I must be missing something in the file.

function list_antiSpam_short() { global $DB, $querycount, $tableantispam, $res_stats; $sql = "SELECT aspm_ID, aspm_string, aspm_source, aspm_checked FROM $tableantispam WHERE aspm_checked = 'needs' ORDER BY aspm_string ASC"; $res_stats = $DB->get_results( $sql, ARRAY_A ); }

Sep 04, 2005 14:02

Did you wrap the function in your hacks.php file in <?php at the start and ?> at the end?

Sep 04, 2005 14:47

Thanks Graham,
Someone who realises how nieve I am :D
That fixed it.
After this I will try and spamproof. This takes a long time. Thousands of entries because I ignored a few comment spams.
Also I had not realised you had to update multiple times to get the complete blacklist. I won't make that mistake again!

Thanks everyone for the hand holding and friendly assistance even when I did not read the extensive information on the forums.

I have learnt quite a lot in the last few days and apreciate it.

Sep 05, 2005 01:28

I invite you to read the following posts in order to reduce your bandwith and CPU usage:

Sep 27, 2005 09:47

kwa I have reduced bandwidth to almost nothing.

CPU useage does not seem to be a problem

I just find my stats Webalizer Web Stats are now no longer accurate as the site still seems to being hit. It seems once someone has your site targeted it is like email spam, it just seems to go on forever. I think the time I took to react to the problem compounded the severity of the problem. Is it likely I will ever get correct stats now I have plugged the holes with hacks?

Are newer releases of b2 going to address these issues as obviously a basic install of b2 is extremly vulnerable?

Thanks everyone.

Sep 27, 2005 16:08

A few weeks after removing the "disp=stats" links recommanded in [url=http://b2evolution.net/man/2004/12/29/control_referer_spam_howto]How to control referer spam hits from search engines[/url], once the main search engines updated their indexes, I've noticed most -- but not all -- of the referrer spam hits stopped... and moved to other pages.

Since one of the objectives looked for by spammers is to increase their search engines ranking, removing pages from search engines indexes makes spammers going elsewhere. It appears spammers use mainly [url=http://www.google.com]Google[/url] to update their databases of pages to spam. Your site will probably never dissapear from some spammers' databases, but spam should not increase as quickly as before...

With the recent decision to make all comments links rel="nofollow" by default in the Phoenix release (see [url=http://b2evolution.net/news/2005/09/26/rel_nofollow_spam_prevention]Post details: rel="nofollow" spam prevention[/url]), spammers might track other sites in the future...

I've seen some spammer Google searches aimed to insert my blogs to spammers databases. I believe looking for "b2evolution trackback comments" is not intended to read all of them...

[url=http://www.mrunix.net/webalizer/]Webalyzer[/url] does not seem to count all the hits. Spammer hits does not appear to be counted. [url=http://awstats.sourceforge.net/]AwStats[/url] counts more hits, even if both use the same [url=http://www.apache.org]Apache[/url] logs as input.

For now, about 30% of my blogs entry hits are identified as referrer spammers and redirected to a "please stop spamming me" page. My [url=http://b2evolution.net]b2evolution[/url] powered site displays about 100,000 pages a month. That makes a lot of spam!


Form is loading...

CMS software – This forum is powered by b2evolution CMS, a complete engine for your website.