|brotherhood of LAN|
| 7:28 pm on Jun 2, 2013 (gmt 0)|
There would be a number of domains on a particular IP of a shared host, unless they specifically offer you a dedicated IP.
Have you checked the log files of the site in question to see if there's qualification of that 7GB bandwidth usage?
| 8:32 pm on Jun 2, 2013 (gmt 0)|
Don't have a dedicated IP. Most entries in the access log look like this, from the same ip:
##IP address## - - [02/Jun/2013:07:12:11 +0100] "GET /comments/vote.php HTTP/1.1" 200 75646 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
host seems to think it's an attack from automated software
|brotherhood of LAN|
| 9:04 pm on Jun 2, 2013 (gmt 0)|
It seems /comments/vote.php is getting a 200 response. Is that part of your site?
Either way you could ban the IP in .htaccess, and serve a much smaller 403 response rather than the 75 Kilobyte vote.php file.
Seems a script is broken or it's a low tech way of abusing your site... one IP hammering your site shouldn't be a big deal to you or your host.
| 9:47 pm on Jun 4, 2013 (gmt 0)|
yes, that folder should be blocked by robots anyway.
Well I've banned the IP, still not sure of the exact reason behind it, thanks a lot for your help though :)
| 10:05 pm on Jun 4, 2013 (gmt 0)|
my host just told me there is still high server load.
One theory is could someone be using my server IP against me (and possibly others) in the hope that the IP eventually gets blacklisted for abuse or something?
| 10:10 pm on Jun 4, 2013 (gmt 0)|
does the vote form work properly? maybe it goes into some kind of an endless loop when the input is blank.
| 10:20 pm on Jun 4, 2013 (gmt 0)|
"high server load" simply isn't enough information. You need to take a closer look at logs and see what's happening.
|using my server IP against me |
Do you mean, using your IP as a proxy? That would show up in logs as a request for a page with full protocol-plus-domain-- and the domain isn't your own. But if the host himself isn't blocking proxies, he's got a ### of a nerve complaining about any resultant server load :)
This post came in less than twenty minutes after the previous one :) That's not a lot of time to see any changes. When did you ban the offending IP?
| 11:05 pm on Jun 4, 2013 (gmt 0)|
i blocked it a couple of days ago, after my last post I checked my email and saw my host had emailed again.
The voting system is disabled.
Okay just so I'm understanding this, the access log shows my server / IP accessing the file right? If it was in a loop it wouldn't keep making new requests, would it?
| 11:09 pm on Jun 4, 2013 (gmt 0)|
|Do you mean, using your IP as a proxy? |
Not sure, just being paranoid :)
What questions should I be asking my host? Shouldn't they be the ones investigating it, I don't really know what I'm looking at on the logs to be honest.
| 11:26 pm on Jun 4, 2013 (gmt 0)|
First thing to ask: What kind of overload are we talking about?
High bandwidth alone? This in turn can either mean that your site is more popular than expected-- which you said isn't the case-- or that somebody is using it as a proxy to get at some other site(s).
Excessive computing resources? This can happen if a site is much more php-intensive or database-intensive than earlier sites you've had.
|when I hit the IP in the browser it lands on one of my other sites on the server |
Did you mean, the offending site's IP? Not any of your own? Then you get to the possibility of a DNS problem.
Does the offending IP belong to the same host? Doesn't have to be the same physical server, just the same owner somewhere alone the line.
|the access log shows my server / IP accessing the file right? If it was in a loop it wouldn't keep making new requests, would it? |
This is obscure. Do you mean that this is what the log actually does show-- or what the log would show under such-and-such circumstances?
An infinite-redirect loop that is intercepted by the browser will show up in logs as a series of identical requests, each met by a 301 response. The exact number is up to the browser; last time I tested (one human request, one browser) there were ten requests. A 301 by itself is the smallest kind of response, since there's no page being served at all. But if there are lots of them, the request itself could overload the server.