Hi, this is the first time I use this board, so I'm not sure if my topic is related to this forum or it need to moved to another forum!

Anyway, I have a small vB board (like this one) on my site, the visitors doesn't exceed more that 25 person at the same time and about 30-40 post a day. During this month, from Mar 1-15, I had 6 million hits and 36.5 Gig of bandwith.
In a matter of fact, I know most of my visitors from which part of the world, but there are two IPs from countries that I don't expect someone their intrest in my site. These two IPs are making about half of the hits & bandwidth!!

My question: Is it possible to track the activity of these two IPs on the server?

I would like also to provide you with some numbers, it might be usefull, these nembers are from Mar 1-15. Remember I don't have a big board or site:
Total Hits: 6541054
Total Files: 3846223
Total Pages: 5999901
Total Visits: 7048
Total KBytes: 34704468

Code 200 - OK: 3846223
Code 304 - Not Modified: 2669374

Do you think these numbers are normal or not?

If you have access to raw log files, you can easily find out what those two IP addresses are doing, since IP address is normally the first thing logged.

I download the log file then I read it by Web Trends software. It is hard to tell what are these IPs doing on the server, the log file doesn't show that. It tells the top visitors but doesn't tell which pages they open or what they did on server.

By the way, my hosting company block access to my site, becuase I exceeded the bandwidth limit :(

jacob,

This doesn't sound right. If two IP addresses are taking up half of your transfer, I think that you should block them from the site. There are several tricks to do this, but I think the first priority is to get your site running again. You should inform your host about what is going on and then tell them that you plan on blocking these users ... that is if you want to. :)

I agree they are defenitely up to no good. I host a mid sized VB forum and they average about 75000 hits per day and they have approx. 225 users posting about 50 - 100 messages per day. Their bandwidth usage is usually under 5 gigs per month. Block those IP's if you can..

X-treme

This is crazy, even thought my site is closed, I checked the control panel today and the hits now are 7 million (Total Hits: 7373884).

Can someone explain how to block these IPs? please explain the steps in detail.

Here's one solution. Create a ".htaccess" file in the directory wheere the BB is stored. Put this in that file:


(Limit GET POST>
order allow,deny
allow from all
deny from 1.1.1.2 2.2.2.3
(/Limit>

Replace both "(" with a "<" ... VB ate it up as HTML when I used the <.

You should replace the "1.1.1.2" and the "2.2.2.3" with the actual IP addresses that should be blocked. The should be separated with a space.

Hope this helps. :)

if its a linux box


and you have root


use ipchains

type this as root

/sbin/ipchains -A input -s 123.123.123.123 -d 0/0 80 -p tcp -j REJECT

replace 123.123.123.123 with his ip

I used Vincent Paglione code and see what will happen until tommorow. I'm getting now close to 8 million hits (7950303)!!!

node9, I don't see sbin directory from Telnet. So just in case if I want to use your code, Is it necessary to see that directory from Telnet? I'm on share server.
what if there is more than IP, do I'v to spread them by space? What if in future I want to remove one IP or all what code I have to write?

Originally posted by jacob
I used Vincent Paglione code and see what will happen until tommorow. I'm getting now close to 8 million hits (7950303)!!!

node9, I don't see sbin directory from Telnet. So just in case if I want to use your code, Is it necessary to see that directory from Telnet? I'm on share server.
what if there is more than IP, do I'v to spread them by space? What if in future I want to remove one IP or all what code I have to write?

If you are on a shared server, you won't be able to access the ipchains command. Although you could ask your host to execute that command for you, if you tell them why exactly you want that IP blocked.