Recently, my site (which is currently shut down because of this)has been getting hammered by a individual(s) and has driven my bandwidth through the roof.

My question is, how does one go about finding out exactly who is doing this? A whois (http://www.arin.net/whois) check with an IP number doesn't tell me much.

What's normal steps are taken to stop this idiot?

First check your access log, then use ipchains to disable access to your host from thier network(s).

If you are running on Linux, get their IP out of your log file, then set up an .htaccess file on your site and put a "deny from xxx.xxx.xxx.xxx" their IP. Or even better, put the "deny from" in your Apache config. file.

Don't you just love these clowns that have nothing better to do than take sites down? :angry:

The .htaccess suggestion might slow things down, at least they do on my server. I'd think ipchains are the way to go.

Then, email the ISP who owns the netblock with proof of whats goin on, times etc....

You could also have the server install mod_throttle which will throttle the amount of bandwidth that is going out. So if they ever "hammer it" again the site will just show that its temporarily down.

Thank you for your replies guys. Appreciated.

Curious though, what exactly are IPchains?

Originally posted by Curtis H.
Thank you for your replies guys. Appreciated.

Curious though, what exactly are IPchains?


check out: http://netfilter.samba.org/ipchains/

plus pmfirewall to go along with it http://www.pmfirewall.com/

and last but not the least http://www.psionic.com/

Originally posted by Curtis H.
Thank you for your replies guys. Appreciated.

Curious though, what exactly are IPchains?

It's a firewall tool for Linux (well, it's more than firewalling, it can also be used for accounting, etc.).

If you have 2.4 on your server, you'll need to use iptables (although you can recompile your kernel for ipchains support if you want). Just run 'uname -a' from the prompt and it should tell you what kernel version you're running. There's more info available from http://netfilter.samba.org/ :)

I'd think ipchains are the way to go.

You have to have 'root' access on the server (server owernship status) to enable and manipulate ipchains. If you have a decent host, they may be willing to set this up for you, otherwise you're stuck with the .htaccess option.