Spammers Stole My Bandwidth

This is a guest post from 2020Media customer Andy C. He writes:

The other morning I had an automated email from 2020media advising I was nearing my bandwidth quota. So I went over to google analytics to see if there had been a sudden surge of interest in the site. There was no real change so I knew I’d need to investigate further.

I also had a look at my spam numbers as spammers had previously been a bandwidth cause. However, there were only a handful of comments needing approval and the numbers that had been sent directly to spam were quite small too.

Rex from 2020media recommended looking at the webalizer web stats provided by the site, these are driven directly from the Apache server and are used by the bandwidth monitor. The numbers here are hence a more accurate reflection of bandwidth use. I logged into the FTP server and downloaded the logs to analyse off-line.

The monthly summary did not give any clues so I drilled into the details for March. The problem was highlighted both in the form of the graph and big numbers that had been pulled in over the weekend of 11th and 12th.

Looking further down the report I could see that the big numbers were for the home page (not much of a surprise) and for the comment subscription page which is the landing page when people save a comment.

Comment subscription page

Further down the report I could see the culprits, a couple of IP addresses that were pulling a lot of Kbytes.

IP addresses that were pulling a lot of Kbytes.

I’ve added those to my blacklist so that should keep them at bay. I’ll also be pro-actively monitoring my Bandwidth Gem to make sure they’ve not come back.

Many thanks Andy.