Attack details and new mirror
A couple of days ago a spammer posted a message into myspace.com, something like "Hey, I got a free Macbook today... Check out this site and you can win too..." and as source image he used a MacBook image I posted some months ago in my Blog.
Within a few hours this post had spread to a lot of myspace.com accounts and I received more than a million requests for my MacBook image (please note that I don't have a myspace account).
My hosting company was forced to shut down the SQLabs.net web site for some hours (on Mar 22, 2007) while we tried to find a solution to this huge issue.
To give you an idea of the traffic generated by this image, here is a portion of my statistics:
Date / Hits / Bytes Transferred
Mar 21, 2007 / 1094475 / 88.39 GB
Mar 22, 2007 / 883184 / 24.58 GB
Mar 23, 2007 / 1117560 / 222.21 MB
Mar 24, 2007 / 1654770 / 257.51 MB
We contacted the abuse department at myspace.com and I think that they removed all the posts yesterday; in the meantime we tried several different kinds of solutions, but the truth is that there is no definitive solution for this kind of attack.
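Before blocking anything it helps to know which external pages are embedding the image and how much traffic each one costs. The script below is an added example and not part of the original post: it parses Apache combined-format access log lines and aggregates image hits and transferred bytes by referer host, applying the same allow-list as the .htaccess approach in this post (an empty Referer or one from our own host counts as local). The log lines are constructed sample data; the only name taken from the post is the site host www.sqlabs.net.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Apache "combined" log format:
#   host ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
IMAGE_RE = re.compile(r'\.(gif|jpe?g|png)$', re.IGNORECASE)

# Constructed sample data for a hot-linked image; these are not real log lines from the site.
SAMPLE_LOG = """\
10.0.0.1 - - [21/Mar/2007:10:01:02 +0100] "GET /images/macbook.jpg HTTP/1.1" 200 81920 "http://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=123" "Mozilla/5.0"
10.0.0.2 - - [21/Mar/2007:10:01:03 +0100] "GET /images/macbook.jpg HTTP/1.1" 200 81920 "http://www.myspace.com/somebody" "Mozilla/5.0"
10.0.0.3 - - [21/Mar/2007:10:01:04 +0100] "GET /images/macbook.jpg HTTP/1.1" 200 81920 "http://www.sqlabs.net/blog/" "Mozilla/5.0"
10.0.0.4 - - [21/Mar/2007:10:01:05 +0100] "GET /images/macbook.jpg HTTP/1.1" 200 81920 "-" "Mozilla/5.0"
10.0.0.5 - - [21/Mar/2007:10:01:06 +0100] "GET /blog/index.html HTTP/1.1" 200 4096 "http://www.myspace.com/somebody" "Mozilla/5.0"
10.0.0.6 - - [21/Mar/2007:10:01:07 +0100] "GET /images/macbook.jpg HTTP/1.1" 304 - "http://images.google.com/imgres?imgurl=http://www.sqlabs.net/images/macbook.jpg" "Mozilla/5.0"
"""


def is_local_referer(referer, site_host):
    """Mirror the .htaccess allow-list: no Referer at all (direct visits, privacy
    proxies, many feed readers) or a Referer on our own host counts as local.
    Comparing the parsed hostname instead of a string prefix also covers https,
    explicit ports, and hosts such as www.sqlabs.net.evil.example that merely
    start with our name."""
    if referer in ("", "-"):
        return True
    parsed = urlparse(referer)
    return parsed.scheme in ("http", "https") and parsed.hostname == site_host


def hotlink_report(lines, site_host):
    """Return [(referer_host, hits, bytes), ...] for image requests whose Referer
    is off-site, sorted by bytes transferred (descending) and then by host."""
    stats = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated line: skip rather than guess
        path = m['path'].split('?', 1)[0]
        if not IMAGE_RE.search(path):
            continue
        referer = m['referer']
        if is_local_referer(referer, site_host):
            continue
        host = urlparse(referer).hostname or referer
        stats[host][0] += 1
        # "-" means no body was sent (for example a 304 Not Modified); count it as 0 bytes
        stats[host][1] += 0 if m['bytes'] == '-' else int(m['bytes'])
    return sorted(((h, c, b) for h, (c, b) in stats.items()),
                  key=lambda row: (-row[2], row[0]))


if __name__ == '__main__':
    for host, hits, nbytes in hotlink_report(SAMPLE_LOG.splitlines(), 'www.sqlabs.net'):
        print(f'{hits:8d} hits {nbytes:12d} bytes  {host}')
```

Run it against a real access_log (for example `hotlink_report(open('access_log'), 'www.sqlabs.net')`) to see which hosts to name in an abuse report and whether the bytes are really going to one image. The 304 entry shows why counting hits alone overstates the cost: a client that revalidates its cache produces a hit but no body.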
I found that for some strange reason the images I posted on my blog are always at the top of Google Images (does anyone know a good reason?), so the first thing I did was to stop Google Images from indexing my site. This means editing the robots.txt file and adding something like this:
User-agent: Googlebot-Image
Disallow: /

The second step I tried was to stop serving my images outside my domain; this can be done using the .htaccess file:

# Mark a request as "local" when its Referer is one of our own pages, or when it carries no Referer at all
SetEnvIfNoCase Referer "^http://www\.sqlabs\.net/" local=1
SetEnvIfNoCase Referer "^http://www\.sqlabs\.net$" local=1
SetEnvIfNoCase Referer "^$" local=1
# Apply the rule to image files only. <Directory> takes a filesystem path and is not permitted in .htaccess;
# <FilesMatch> takes the regular expression that is intended here.
<FilesMatch "\.(gif|png|jpg)$">
Order Allow,Deny
Allow from env=local
</FilesMatch>

but this wasn't a good option because the overhead for each request was too high (and you also have to count the overhead of the ModRewrite engine), so I found that the easiest and best temporary patch was simply to shrink the requested image file to just 1 byte.
This helped reduce the traffic from about 90 GB to about 220 MB per day.
Maybe when the requests for this image decrease I'll activate the ModRewrite script, so that I'll be better protected from the "image theft" problem.
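As an added example of what such a mod_rewrite rule looks like (this is not the post's own script, which does not appear on the page), the fragment below assumes the Apache 2.2-era syntax common on shared hosting at the time, the site name www.sqlabs.net from the post, and a hypothetical 1-byte placeholder file at /images/blank.gif that you create yourself.

```apache
# Hot-link protection for image files, for a .htaccess in the document root.
# Assumes a hypothetical 1-byte placeholder at /images/blank.gif.
RewriteEngine On

# Let requests with no Referer through: direct visits, privacy proxies, many feed readers.
RewriteCond %{HTTP_REFERER} !^$
# Let our own pages through (http or https, with or without the www. prefix).
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?sqlabs\.net(/|$) [NC]
# Never rewrite the placeholder itself, or the internal redirect would loop back into this rule.
RewriteCond %{REQUEST_URI} !^/images/blank\.gif$
# Every other request for an image gets the placeholder instead; [L] stops further rewriting.
RewriteRule \.(gif|jpe?g|png)$ /images/blank.gif [L,NC]
```

If you would rather send nothing at all, replace the last line with `RewriteRule \.(gif|jpe?g|png)$ - [F,L,NC]` to answer 403 Forbidden. Two caveats: the Referer header is set by the client, so this stops browsers that render other people's pages from fetching your image but not someone who deliberately spoofs the header; and Googlebot-Image sends no Referer, so the robots.txt entry above is still needed to keep the image out of Google Images.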
Like mail spam, this is a problem without a definitive solution, so maybe in the future I could have the exact same issue or something worse. With that in mind, I decided to set up a mirror site for my main web site (I also own the sqlabs.com domain) using rsync and some tips from this article.
My hosting company is Pair Network; I have used their services since 1999, and I am quite sure that no one can beat their professionalism and reliability.
As mirror hosting I chose Dreamhost because they offer terabytes of bandwidth for an incredibly low price.
I am really satisfied with my new mirror site; sometimes bad things force you to take the right decision.
My new mirror site is http://www.sqlabs.com and it is automatically synced every 10 minutes.

1 Comment:
Thanks for the interesting post. I'd never considered the problems that could be caused by having external sites link to a picture on a site and the amount of bandwidth that you lost is incredible! Anyway, well done for setting up the mirror site.
By Simon Wolf, at 10:38 AM