
Thread: Lesson learned & Warning

  1. #1
    mirepup
    Guest

    Lesson learned & Warning

    So - I learned my lesson about security this week. I guess I forgot to put an .htaccess file into one of my TGP directories and got hotlinked by someone.

    Keep your eyes open for "topfong.com" in your referrer logs. Someone had hotlinked all 20 images on one of my TGP galleries into a message there. I had nearly 3GB of traffic from that one message. There were a few others that were suspicious.

    I've shut them down, and protected that directory.

    <sigh> Too bad none of that traffic converted....89,000 accesses.


  2. #2
    Chilihost
    virgin by request ;)
    Join Date
    Oct 2003
    Posts
    4,496
    topfong is a known asian hotlinking bbs, along with a few others, check out this thread http://forums.gaywidewebmasters.com/...ight=asian+bbs

    since they hotlink the pics directly they don't see your sponsor ads so conversions are usually 0, not to mention that asian traffic is notoriously hard to convert anyway!

    this is a good reminder of the importance of hotlink protection!

    cheers,
    Luke


  3. #3
    mirepup
    Guest

    Re: Lesson learned & Warning

    Originally posted by mirepup

    Keep your eyes open for "topfong.com" in your referrer logs. Someone had hotlinked all 20 images on one of my TGP galleries into a message there. I had nearly 3GB of traffic from that one message. There were a few others that were suspicious.

    I've shut them down, and protected that directory.

    So - I've blocked hotlinking. All they get are broken images, but they're still using about 1/2GB per day of traffic. Not a lot, not causing overages, but I'm wondering if there's another way to block this more effectively? They're still showing 2000+ "hits" per day. Can I block them at another level or in some other way?

    Anybody?


  4. #4
    Dzinerbear
    Guest
    We should just scroll "set your htaccess file to ban topfong"; seems like every webmaster gets screwed by them eventually. Can't we report them to their government? I thought the Chinese were throwing pornographers in jail.

    dzinerbear


  5. #5
    JustMe
    Guest

    Re: Re: Lesson learned & Warning

    Greetings:

    Originally posted by mirepup
    Can I block them at another level or in some other way?
    Anybody?

    When you block referrers via .htaccess, the request is still being made from the client to the webserver (in this case, Apache). Along with the URL being requested, other information, such as browser type, and referring URL are also being passed to Apache by the client. Apache also generates the error response (401), and returns that to the client. This is why you're still seeing the 1/2 gig of traffic.

    There's no way, using Apache alone, to stop this bandwidth consumption. Many providers will charge for "outgoing traffic only", in which case the bandwidth being consumed by incoming requests isn't charged against your monthly bandwidth usage. Might be something to look into.

    You were right about being able to block things "at another level". Many IDSs (Intrusion Detection Systems) and firewalls can be set to hijack these connection requests based on referring URL, lack of cookie presence, etc. In that case, you can stop the traffic before it ever reaches the webserver. Unfortunately, I have never seen a third-party hosting solution that offers such features.

    If it were me, I would flat out block access to every country that I didn't intend to do business in for starters. Chinese visitors to my site? No thank you! Russians? Sorry, I think not!

    Then, I'd set up to block hotlinking to all of the rest of the countries that I DO intend to do business in. I'd set up mod_rewrite to dynamically change hotlink requests for images to requests for banners advertising my site. Then, if someone hotlinks, they'll be doing branding for you if they're too stupid to realize that the link didn't work as they had intended. Cheap advertising!


  6. #6
    bndguyinla
    Guest

    Blocking Hotlinking in .htaccess?

    Hey I'm still new to working with .htaccess files. How exactly do you stop hotlinking to images?


  7. #7
    JustMe
    Guest
    Greetings:

    We have a free script online that'll generate the file for you in our webmaster resource center:

    http://www.boyalley.com/webmasters/resources/toolbox/
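
The referrer check and banner swap that JustMe describes, and the .htaccess bndguyinla asks about, written out as an added example (not part of any post in this thread and not the output of the linked generator). `example.com` and `/banners/hotlinked.gif` are placeholder names to replace with your own host and banner.

```apache
# .htaccess placed in the image directory; mod_rewrite must be enabled.
# example.com and /banners/hotlinked.gif are placeholders (assumptions).
RewriteEngine On

# Never rewrite the banner itself, or Option B below would loop.
RewriteCond %{REQUEST_URI} !^/banners/hotlinked\.gif$
# Let requests with no Referer through: typed URLs, bookmarks and
# privacy proxies send none, and blocking them breaks real visitors.
RewriteCond %{HTTP_REFERER} !^$
# Allow pages on the site's own host, with or without "www.".
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]

# Option A: refuse the image. [F] answers 403 Forbidden with a short
# error body, so each hit still reaches Apache but costs few bytes.
#RewriteRule \.(jpe?g|gif|png)$ - [F,NC]

# Option B: serve a small banner in place of the hotlinked image.
RewriteRule \.(jpe?g|gif|png)$ /banners/hotlinked.gif [NC,L]
```

Enable only one of the two RewriteRule lines. The Referer header is supplied by the client, so this stops pages that embed your images in ordinary browsers; it is not an access control.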


  8. #8
    bndguyinla
    Guest

    wow

    Some great tools on your webmasters page. I saved the link to use some of the tools.

    We've recently learned from dzinerbear that our pages are very badly designed for search engine optimization and we're going to start fixing them.

    I loved your keyword tool on your page. It's frustrating to know that people who would look for our content can't find it.

    Bearbound.com is our website.


  9. #9
    Jasun
    Guest

    Re: wow

    Originally posted by bndguyinla

    Bearbound.com is our website.

    And that site rocks, too. Very fun stuff, and I think it's cool that your site is more about the bears and the bound than the five seconds of fetish and then plain old fucking for the rest of the shoot.


  10. #10
    retrograde
    Guest
    They hit me a while back too. Luckily I caught it in time and it didn't screw me over.

    Blergh.

